Transparent Bridge help
-
I had to replace my existing pfsense transparent bridge setup due to it getting zapped and fried. I bought new hardware that has dual gigabit onboard Intel NICs. When I built my previous pfsense box I used 1.2.2 and followed this ( http://pfsense.trendchiller.com/transparent_firewall.pdf ) document to set it up. Now with 1.2.3 that document is not relevant anymore as the transparent bridge setting is gone from the GUI.
I have been searching around on this forum looking for some new instructions that apply to 1.2.3. I was going to load 1.2.2, use the old instructions and then upgrade to 1.2.3 like I did with the old one but my hardware does not work with 1.2.2.
I have found posts that say that neither WAN nor LAN interface should have an IP address and that I should be adding a 3rd NIC to use as a management interface. Is this true and if so where can I find instructions on how to do this? I would rather keep the management interface on the WAN like I had on my old box. Is that a problem?
Once I add the 3rd interface and assign it an IP, will the GUI just work on it or do I have to do something to make it work?
Thanks
Bob
-
3rd interface will help a lot.
For transparent bridging and managing the device, do the following: WAN and OPT1 as the bridge and LAN for the management. Therefore network traffic doesn't see (L3-L7) the device and it becomes transparent. For how to do it, use more search.
-
Thanks for the info. I have searched this forum and read posts all the way back to 2006 and I see no instructions on the transparent bridge for 1.2.3. The only instructions are the ones I used for 1.2.2. I found the "Bridge with" dropdown in the interfaces menu. Is that all I need to do to bridge it?
If I understand you correctly, I need to add a 3rd NIC and then bridge WAN to OPT1 with no IP addresses on them and set an IP on LAN to access the GUI. I want to be able to access the GUI from the WAN side (I realize that is a security risk). Is that possible and if so what rule would I need for it? Also does it matter what NIC is which? It has 2 onboard Intel Gigabit NICs and I am going to add a PCI-e Intel Gigabit NIC to it.
Bob
-
I'm not able to help you on that topology, you might need to wait if someone else is able to say how to get it to work.
-
Hi Bob: Do a search for "transparent" on this forum. You should see a step-by-step guide posted under my user
-
Hi Bob: Do a search for "transparent" on this forum. You should see a step-by-step guide posted under my user
OK. I found your writeup but it is for version 2.0 and I am using 1.2.3. Not sure if that makes a difference. It seems to be telling me to do the opposite of what the other poster suggested. Maybe you could clarify this for me.
I was hoping to pass my traffic between WAN and OPT1 and leave LAN on a non-public IP. So if I understand your writeup correctly, I would bind one of my public IP addresses to the WAN interface and leave OPT1 with no IP, then I would bridge OPT1 with WAN. I would have a private IP (192.168.1.1) on the LAN interface so I can manage it via the GUI (I need to keep the LAN NIC on a private IP as the IPMI access is on that NIC and it is not secure enough to be exposed to the internet). I would add a rule to the OPT1 to allow all traffic to pass (just like the one that is in LAN by default). I would make the changes to NAT that you described. I would add my pass rules on the WAN tab and that should be it. Right?
-
Hi Bob: I missed that about 1.2.3, it is set up a little differently than 2.0. That PDF guide would be your best bet. I will look at your post again and comment