Behind another firewall
-
If you followed the guide, you are going to have a LAN wan and opt interface. Opt I think would need to be wide open. LAN would also need to allow most thinks in. Then you are going to create in bound rules on the wan interface. It has been a long time since I did a firewalled bridg e perhaps I need to refresh.
-
Sir Thank You very much for your support it was a success..
On the other hand i had another question to ask you,,, on that setup the topic that we've talked, is it possible to trunk LAN and WAN, how?
tahnks. -
sir how can i setup this bridge mode in vlan. i have my layer 2 switch with vlan..
-
For trunking, I guess you could do LAGG interfaces into the bridge, though I have never done that before.
It would imagine that it would be the same for VLAN. Assign VLANs to WAN and LAN (or opt1 and opt2 with the bridge on opt3) and then create the bridge out of them. Again, I am theorizing as I have don't have experience doing that either. -
Hi Sir
this is the setup that i have and we discussed earlier.ISP => Existing Firewall => PFSense => Switch => workstations
This setup has been solved
The new setup is like this:ISP => Existing Firewall => PFSense => Layer 3 switch setup with VLAN's => workstations connected to VLAN's
My VLAN's can ping each other without PFSense.
But when i setup PFSense in transparent bridge mode. I can't obtain ip from existing firewall. how can i setup my network like this with PFSense in Bridge Mode.Thanks,
-
You will have to create an interface per each VLAN you have setup. The apply all those interfaces into the bridge. Though, if you have VLANs, is your existing firewall handing out DHCP address on each VLAN in a different subnet?
-
Hi sir, yes sir, I have created 9 VLAN's in my existing firewall with DHCP on it. How can i set up this with PFsense on bridge mode?
Thanks, -
And in different subnets the 9 VLAN's
-
Sorry, I think you are going to have to create 18 VLANs (1 on WAN and its matching one on LAN). Then put each matching VLAN into its own bridge. I think that is going to be the only way that the VLAN tag will survive.
-
I can't understand you sir,, how can i create 18 VLAN's if i have 3 NIC's on my PFSense box? RL0 as my WAN, DC0 as my LAN and DC1 as the OPT1 as where i assign my RL0 and DC0 bridge.
on other i had my 9 VLAN's setup on my existing firewall (Zyxell USG 1000)
thanks,
-
and sir I always see this pop up message on my pfsense box: DC0 TX underrun – increasing TX threshold .. what is the meaning of this?
-
and sir I always see this pop up message on my pfsense box: DC0 TX underrun – increasing TX threshold .. what is the meaning of this?
Not sure about this … perhaps a driver or NIC issue. Perhaps there is a tweak in the advanced options you can do to prevent that ... search the forums and google.
The 9 VLANs you have on the Zyxell has to go somewhere. I assumed they are on the same NIC as the LAN port. If you are putting the pfsense box inline, the VLAN tag must survive the traversal of the pfsense machine. If you are assigning each VLAN its own nic, then perhaps you really don't need VLANs. You can have many VLAN on one physical NIC. Please see docs server for info on how to setup VLANS in pfsense.
So in pfsense, you are going to create a VLAN on WAN and a matching one on LAN (opt2 and opt3) then you are going to assign them to opt4 as a bridge. So for each VLAN on the Zyxell, you will have 2 on the pfsense machine. This is to pass the VLAN traffic on. If you are hooking it up in parallel with the VLANs and you are only wanting to block traffic on the default VLAN, then don't worry about the setup, you already have it working. -
I create alieases for the VLAN's
-
rule for bridge
-
Rule for LAN
-
rule for OPT1
-
rule for WAN
-
Sir I dont know it is correct but my Network is working fine i can access Zyxell and PFSense, i Have my internet..
Please check,,
How can i use bandwith limiter for every network and transparent proxy + dansguardian
Thanks sir,,
-
All of your VLAN are able to pass through the bridge and are able to get to the internet?
I am not familiar with the limiter or dansguardian, I use the squid3 package for proxying. It is easy to setup and you would only need to tell it what subnets you want to proxy on and it will do that.
-
Yes sir all of the VLAN's able to ping each other and has internet.
I want to ask you if this setup is ok? this were I come up, because its different from your setup..
I can't understand your concept, on how to set up my network,we successfully setup pfsense in transparent bridge mode behind my Zyxell firewall,,
the problem is with this set as my WAN=rl0 and LAN=dc0 was bridge in opt1. I cant imagine how can i assign this 3 NIC's because its already in use…