Filtered Bridge Configuration for v2.0.1 - Only Two Interfaces (LAN/WAN)
Hello all-
I'm having trouble locating a good document for configuring a filtered bridge for version 2.x, and most of the configurations I can find seem to be for setups with three physical interfaces (where one can be reserved for management). I'm trying to make do with two. I have a cable modem with a block of 5 usable public IPs. When done I'm hoping it can operate as follows…
1. Cable modem connected to pfSense WAN
2. pfSense LAN connected to small switch
3. Hosts connected to switch can be assigned public IPs from the cable modem subnet and access the Internet without NAT. All outbound traffic is permitted. Inbound traffic to those hosts should be controlled by rules.
This seems like it should be simple but I'm really struggling with it. I've bridged the LAN/WAN interfaces together, disabled NAT and set the pfil_bridge to 1. I have no DHCP. I've found various configurations where hosts behind the firewall can go outbound and I've used Wireshark on an external host to verify that NAT is off. However, I've not been able to permit any inbound traffic from the WAN side. Here are a couple of things I'm really unclear on...
- Which of the pfSense interfaces should have IP addresses (I tried several combinations), and which should I be using for management? (I've been using the LAN, Bridge or both. I have generally had no IP assigned to the WAN interface.)
- On which interface (WAN, LAN or Bridge) should I be creating rules for access to the hosts behind the firewall?
Any help would be appreciated. I'm wondering if this is even possible with just two physical interfaces. If I am able to sort this out I'd happily draft a step-by-step for others.
Thanks!
-
I had the same issue, many hours of googling led me to http://forum.pfsense.org/index.php?topic=37824.0 – which worked great, the only step missing was to bridge the LAN and WAN which you have already done!
-
I had the same issue, many hours of googling led me to http://forum.pfsense.org/index.php?topic=37824.0 – which worked great, the only step missing was to bridge the LAN and WAN which you have already done!
Thanks for the heads up. Someone else pointed out I missed that step, I am going to add that in tonight.