Need Help on How to Bridge PFSense 2.0 RC1 for Public IPs on Optional Interface
-
I think I have read every forum post on this site and the search engines, and nothing seems to make any kind of sense. Here is my configuration.
Installed PfSense 2.0 RC1 on a server with 3 nic cards.
Nic Card 1 goes to ISP which is WAN
Nic Card 2 goes to Eth1 which is LAN
Nic Card 3 goes to Eth2 which is OPT 1
The WAN port has a static IP of 173.160.131.59 assigned to it and I happily get internet on the LAN. That was easy and the LAN is still untouched with the stock settings of 192.168.1.1.
I have 3+ servers which now need public IP's and they need to sit behind OPT 1. Can someone please give me a step by step procedure on how to set this up? I have read article over article, and nothing seems to make any sense. Please don't be rude and tell me to read another article or another post. Please post step by step instructions on how to achieve this.
OPT 1 is currently active and I have set the interface with a static IP of 192.168.10.1 without a gateway. How do I achieve what I am looking to do without spending another 10 hours on this with no results? Thank you in advance for your help.
Neil Ghuman
Get A Host
-
Why do your servers need to be off of OPT1? If you want them just to be NAT'ed then put them on your LAN and do it that way.
-
I believe what you want to do is bridge the two interfaces: /interfaces_bridge_edit.php
Then build firewall rules between them as needed.
Also, on the advanced/system tunables page, set net.link.bridge.pfil_bridge to 1.
This is something I'm thinking about doing here, so I will be interested in your updates. I'm actually NATing now and using 1:1 NAT from my static IP to my one server, which does multiple functions...
-
I just did it and so far it works…
Created a bridge between the LAN and WAN of my test box using the link I wrote in my first post: /interfaces_bridge_edit.php
Under assign, linked LAN to Bridge0: /interfaces_assign.php
In /system_advanced_sysctl.php, net.link.bridge.pfil_bridge ("Set to 1 to enable filtering on the bridge interface"): make it 1.
Created firewall rules both ways allowing all for this test.
I'm accessing the box via its WAN port, so I have a rule allowing WAN access to the GUI via the WAN port...
I'm accessing the device on the other side of the test box without issue.
I'll do some more testing when I get some time...
Update:
I can reach the client behind the box, however the client can't seem to initiate and get out no matter what I do...
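
Added example, not part of the original thread: a shell check of which interfaces pf is actually filtering on after the bridge steps above, so an "allow all" test rule is not mistaken for a working ruleset. It reads `sysctl net.link.bridge` output; the sample values are constructed, and `net.link.bridge.pfil_member` is the companion FreeBSD if_bridge tunable, which the thread does not mention.

```shell
#!/bin/sh
# Classify where the packet filter sees bridged traffic.
# Input (stdin): output of `sysctl net.link.bridge` on the firewall.
# Prints one of: bridge | member | both | none | unknown
# Returns 0 if some filtering is active, 1 if bridged traffic is
# unfiltered, 2 if a tunable is missing from the input.
bridge_filter_mode() {
    awk -F': *' '
        $1 == "net.link.bridge.pfil_bridge" { b = $2; seen_b = 1 }
        $1 == "net.link.bridge.pfil_member" { m = $2; seen_m = 1 }
        END {
            if (!seen_b || !seen_m) { print "unknown"; exit 2 }
            if (b == 1 && m == 1)   { print "both";    exit 0 }
            if (b == 1)             { print "bridge";  exit 0 }
            if (m == 1)             { print "member";  exit 0 }
            print "none"; exit 1
        }'
}

# Constructed sample input (not captured from a real box).
SAMPLE='net.link.bridge.pfil_onlyip: 0
net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'

# On the firewall itself: sysctl net.link.bridge | bridge_filter_mode
printf '%s\n' "$SAMPLE" | bridge_filter_mode
```

With `bridge`, rules belong on the bridge interface; with `member`, they belong on the member interfaces; `none` means traffic crosses the bridge without passing any rule.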
-
:)
Looks like I missed some huge and important information. I don't want to NAT my servers behind OPT1. I want to bridge and put static public IP addresses on my servers. Please help.
-
ChPalmer,
Here is what I did so far. I tried my heart out to configure a bridge, but probably did it wrong. I tried a million different things to just get the box on OPT1 to get internet with the static IP and gateway of the router, not the pfSense, and nothing. It would not see internet for its life. Let me know what you come up with and I hope your testing succeeds. I think this would tremendously help the entire community and we can put this in the wiki as soon as we accomplish this.
Looking forward.