How to implement bridge mode in pfsense 2.0
-
Hello
I have 8 public IPs. I want to use pfSense 2.0 in bridge mode (LAN<->WAN bridge).
How do I set it up? I tried to bridge LAN and WAN, but LAN can't ping the WAN's gateway. I saw the document at http://pfsense.trendchiller.com/transparent_firewall.pdf
but I can't find page 3 (enable filtering bridge) in pfSense 2.0.
My network layout is:
ISP----------WAN==pfsense2.0==LAN---------Switch
|----server1(public ip)
|----server2(public ip)
|----server3(public ip)
Can anybody tell me how to set this up?
Thanks ev8d ~~~~
-
The "Enable Filtering Bridge" option has been removed in 2.0 as it is set to on by default.
I am also struggling with how to properly set it up as a transparent firewall or in bridged mode. It seems like the firewall rules "live their own life", as they sometimes block and sometimes pass the same traffic. (Though this could be because my setup is wrong.)
So if you figure out how to do this properly, please share your solution here.
-
The "Enable Filtering Bridge" option has been removed in 2.0 as it is set to on by default.
This might not be true on the newest builds though. If you go to the 'System -> Advanced -> System Tunables' option, you have it there on the last line (net.link.bridge.pfil_bridge). Mine was set to '0'.
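An added example, not part of the original thread: a small shell check that reads `sysctl net.link.bridge` output and reports where bridged traffic is handed to the packet filter, which tells you whether rules belong on the member interfaces or on the bridge interface. The function names and the sample values are constructed for illustration; only the sysctl names come from FreeBSD's bridge driver.

```shell
#!/bin/sh
# Reads `sysctl net.link.bridge` output on stdin and prints where bridged
# packets are handed to the packet filter: member, bridge, both, none, unknown.
bridge_filter_mode() {
    awk '
    {
        # Accept "name: value" (sysctl output) and "name=value" (tunable files).
        line = $0
        gsub(/[ \t]/, "", line)
        if (split(line, kv, /[:=]/) < 2) next
        if (kv[1] == "net.link.bridge.pfil_member") { member = kv[2] + 0; seen_m = 1 }
        if (kv[1] == "net.link.bridge.pfil_bridge") { bridge = kv[2] + 0; seen_b = 1 }
    }
    END {
        if (!seen_m || !seen_b)    print "unknown"  # one of the tunables is missing
        else if (member && bridge) print "both"     # member and bridge rules both apply
        else if (member)           print "member"   # only member interface rules apply
        else if (bridge)           print "bridge"   # only bridge interface rules apply
        else                       print "none"     # neither tunable enables filtering
    }'
}

# Human-readable verdict for a mode returned by bridge_filter_mode.
explain_mode() {
    case "$1" in
        both)   echo "filtering on member interfaces and on the bridge interface" ;;
        member) echo "filtering on member interfaces only; put rules on WAN/LAN" ;;
        bridge) echo "filtering on the bridge interface only; put rules on the bridge" ;;
        none)   echo "no filtering enabled for bridged traffic by these tunables" ;;
        *)      echo "could not determine; tunables not found in input" ;;
    esac
}

# Constructed sample input (not taken from any system in the thread).
sample='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_onlyip: 0'

mode=$(printf '%s\n' "$sample" | bridge_filter_mode)
echo "$mode: $(explain_mode "$mode")"
```

On the firewall itself, the live values can be piped in with `sysctl net.link.bridge | bridge_filter_mode`.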
-
Did anyone ever have any success with this?
I've spent all day attempting to get pfSense 2 (Dec 29th snapshot, i386) to bridge, and am feeling somewhat stupid. I've managed to fail spectacularly (including somehow generating a few MBps of ARP traffic across the bridge), and eventually managed to get traffic to travel one way across the bridge but somehow get responses stopped on the way back.
My scenario is something similar to the original poster's. I have a 'WAN' interface in a DMZ created behind an external firewall; NAT'd behind this interface is the entire collection of "LAN" networks. In the DMZ, I intend to have a number of hosts (currently in private address space, but they will eventually move into public address space), and I wish to transparently filter access to/from them.
Has anyone successfully managed to configure transparent bridging with filtering under pfsense 2?
-
Hi,
There is a howto -> http://forum.pfsense.org/index.php/topic,20917.0.html
Try it... you can assign the bridge to LAN.
Cya
-
Thanks spiritbreaker, I had already read that post and tried it several times without much luck.
I suppose I should add that I am attempting to do this under ESXi. Has anyone got this working before?
*** Edit ***
In an interesting twist, I just set up a pfSense 1.2.3 VM under VirtualBox, bridged the interfaces and it's working fine. It looks like I'll be heading over to the VMware forums to see if anyone has come across this problem…
-
Hi,
1. Make sure the bridge is really working (maybe it's better to test with a real machine as a first step).
2. ESX: you only need a second virtual switch, vswitch1; then you bind pfsense bridgeinterface1 and all your virtual machines (which should pass the bridge) to it. Don't assign an ESX interface to it.
The standard network vswitch0 is bound to pfsense bridgeinterface2 and assigned the ESX Ethernet interface to reach your LAN (it is by default).
Make sure you set all firewall rules properly.
Cya
-
Nic Nac, did you ever figure this out? If yes, please share your solution.
-
I've just been working on this same problem and managed to get it working under ESXi 4.1. The missing ingredient was to enable promiscuous mode on the virtual switch from within vSphere. Just edit the properties for the vswitch and under Security change promiscuous mode from "reject" to "allow". I didn't even need to restart my VM; it just started working instantly.
Hope this helps.