Bridging Firewall Not Passing Traffic
Ok, so now that everything works without the firewall, we'd love it if we could use the firewall now. :-)
So here's where we are: WAN (AdminPort) is an internal admin interface, which works fine no matter what.
LAN (Internet-Side) and OPT1 (Server-Side) are bridged together (as OPT2).
If we use "pfctl -d" to stop the firewall, traffic flows correctly. If we turn the firewall on, no traffic flows through the bridge, though it does flow out of the AdminPort (WAN). I tried an "anything from anywhere to anywhere" rule configured on LAN, OPT1 and OPT2, trying to be completely open, yet no joy.
My current firewall rules are:
- Floating: none
- AdminPort (WAN): source: 192.168.x.x/21 | destination: *
- Internet (LAN): source: x.x.x.x (various public IPs of remote servers to be allowed in) | destination: 8.37.x.x (various server IPs behind the bridge)
- ServerLAN (OPT1): source: 8.37.x.x (local server IPs) | destination: x.x.x.x (various public IPs of off-site servers to which we connect)
- Bridge (OPT2): source: * | destination: *
I'm sure it is something simple; would someone point me in the right direction, please?
Thanks!
PS: Once I get this working, I will produce a new HOWTO for setting up bridging firewalls with three NICs instead of the two used in most examples. (We do not want a public-IP admin port on our firewall.)
-
Ok, this falls under the category of "doh": I forgot to open non-TCP traffic when trying to ping things.
Sorry to bother, but now I can work on the HOWTO that I wanted to do.
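To make the "doh" concrete, here is an added example in pf.conf syntax (not the poster's actual ruleset and not what pfSense generated for them) showing the TCP-only bridge rules beside a corrected set that also passes the ICMP the ping test needs. Interface names em0/em1, the 203.0.113.0/24 documentation range and the table names are assumptions; "8.37.x.x" is the poster's server block.

```pf
# Added example, not the original poster's configuration.
# em0 = LAN (Internet-Side) bridge member, em1 = OPT1 (Server-Side) member.
# Addresses are constructed placeholders (RFC 5737 documentation range).
table <remote_servers>  { 203.0.113.10, 203.0.113.11 }   # off-site hosts allowed in
table <offsite_servers> { 203.0.113.50 }                  # off-site hosts we connect to
servers = "8.37.0.0/24"                                   # stands in for 8.37.x.x

# pfSense puts a default deny underneath every interface rule set.
block log all

# --- Ruleset as the post describes it: TCP only -------------------------
# Each rule is "proto tcp", so ICMP echo requests from the remote servers
# never match and fall through to the block above. "ping" shows 100% loss
# even though the bridge itself is fine (pfctl -d proves that).
pass in quick on em0 proto tcp from <remote_servers> to $servers keep state
pass in quick on em1 proto tcp from $servers to <offsite_servers> keep state

# --- Corrected ruleset: open the non-TCP traffic that is actually needed --
# Keep the TCP rules, then add the ICMP types required for ping and for
# path-MTU discovery, plus any UDP the servers depend on (DNS shown here).
pass in quick on em0 inet proto icmp from <remote_servers> to $servers \
    icmp-type { echoreq, unreach } keep state
pass in quick on em1 inet proto icmp from $servers to <offsite_servers> \
    icmp-type { echoreq, unreach } keep state
pass in quick on em1 proto udp from $servers to <offsite_servers> port 53 keep state
```

Two checks worth running before touching rules again: `pfctl -vvsr` prints the loaded rules with per-rule match counters, so a blocked ping shows up as hits on the block rule rather than on any pass rule; and because pfSense filters bridge traffic on the member interfaces by default (the FreeBSD sysctls net.link.bridge.pfil_member and net.link.bridge.pfil_bridge control this), a wide-open rule placed only on the bridge interface (OPT2) does not help when the members still have TCP-only rules.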