Netgate Discussion Forum

    Transparent bridge firewall "variant"

    • topoldo

      I beg your pardon if the topic was already discussed, but I did not find anything about this "variant" of bridge-fw by using pfSense 2.0.x.

      At the moment I have an OpenBSD+pf based transparent bridge-firewall which uses 3 network cards.
      I use 2 of them WITHOUT IP to create the bridge-firewall and the third one with an IP on the "LAN" side
      to manage it.

      The schema is the following:
                          +----+
                          |    |
      LAN [No IP] --------|    |-------- WAN [NO IP]
                          |    |
                          |    |
      Admin       --------|    |
      IP 1.2.3.4          |    |
                          +----+

      Now, I would like to switch to a pfSense based transparent bridge-fw.
      I found and followed the indications of W. Tarrh's HowTo:
      http://people.pharmacy.purdue.edu/~tarrh/Transparent%20Firewall-Filtering%20Bridge%20-%20pfSense%202.0.1%20By%20William%20Tarrh.pdf

      In this case however, if I understood correctly, the WAN interface has an IP associated, from which pfSense could be managed. Moreover, from what was reported in the forum it seems that the management via web has some problems if the IP was assigned to the LAN interface instead.

      My question is: by using pfSense, is it possible to create a bridge-fw like the one I did with OpenBSD+pf, i.e. the LAN and WAN interfaces used to create the bridge have NO IP assigned while the management is done using a third interface to which an IP was assigned, preferably set on the LAN side?
      TIA for any answer

      Topoldo

      • SeventhSon

        Very much possible. Normally you would bridge WAN and LAN, enable filtering bridge, and add one OPT interface with IP address for management. (Of course, you can call those interfaces whatever you like in pfSense afterwards :D)
