Setup pfsence in Bridge mode

Cleetus Antony

Dear All,

I would like to setup a pfsence box as bridge mode to limit download traffic in a way like, to one port the traffic comes in and goes out thru the second port. Is there any possibility to make it in such a way instead of making a WAN and LAN port??? I dont want any routing/proxy features.

Kindly help

Thanks
Cleetus Antony
cleetusantony@gmail.com

Harvy66

I haven't done it myself, but I'm pretty sure you can just create a "bridge" interface in the same area you create all other interfaces.

Sloppy response, I know, but sometimes others are slow to respond and this should give you enough direction to get started.

Cleetus Antony

Thank you Harvy for the reply

I have trued and there is no option to make a bridge interface during the setup or after it.

Any other ideas ?

Thank u

Cleetus

KOM

I suspect that this is the wrong forum to post this, and not a lot of people look here.  Try in the pfSense English Support - General questions forum.

stephenw10

In what way aree you wanting to limit the traffic?
You can certainly do this. You should search for setting up a 'transparent firewall'.
You may want to read through this:
http://people.pharmacy.purdue.edu/~tarrh/Transparent%20Firewall%20-%20Filtering%20Bridge%20-%20William%20Tarrh.pdf

Steve

Cleetus Antony

Hi Steve & KOM

Thank you for the tips and I will try this asap.

Cleetus

Cleetus Antony

Hi Steve,

I have followed the steps and its asking only to put the WAN interface name; I have put bge0 (Broadcom NIC) and it gets IP address by DHCP.  But its not asking about LAN interface at all ( Second NIC is Realtek NIC and it is up and its "re0" ). I went forward and gone into the GUI and I added the LAN interface. Next when I try to create the Bridge, I cannot see the LAN interface in the list to add with WAN.
Anything I am missing ?

Appreciate your reply

Thanks
Cleetus

stephenw10

Hmm, you should be able to. Sometimes the interfaces in the list can be difficult to see in the browser, try using thee cursor keys to move down the list and use Ctrl to select both WAN and LAN. The LAN should be IP type 'none'.

Steve

Edit: Have you assigned re0 as LAN yet?

Cleetus Antony

Yes..Now I cud make LAN, WAN and Bridge. I made rule for LAN and WAN allowing tcp/udp traffic any any to any. Still when i connect to network, everything gets dropped and no internet access for network.

Pfsense has only one IP address now which was assigned to WAN interface before creating the bridge.

Attached the screenshots. plz have a look.

stephenw10

OK, so how much of the instructions in the guide did you follow?
Do you see anything in the firewall logs?

Steve

Cleetus Antony

I think I have fixed the issue. Now its passing the traffic and limiting the IN/OUT traffic.

I have just made a small network and checked the box now. Will have to connect to my real network where around 500 users are using internet.

Thank you very much Steve for the valuable tips u hv provided.

Cleetus

stephenw10

No problem.  :) Any idea what the fix was?

Steve

Cleetus Antony

Ohhh.. that was silly…I was keep on trying in my access layer by connecting 2 interfaces of pfsence as bridge.. today I connected in my core later and things found its working by making a totally separate network.... in next few days I will connect in my real  network and see how things are working...

Thank you steve again
Cleetus

Cleetus Antony

I have connected my Laptop(Static LAN IP configuration) to LAN port of Pfsense Box and its WAN interface I connected to my Cisco 2800 Router. That time I can connect to the internet.

But When I setup the network by using Cisco 3560 SW (DHCP srvr) and Cisco 2800 Router and kept pfsense in between, I can see that traffic is not passing thru pfsense. I can access the Box in this setup  but not able to ping my Router. But when I ping the router from the GUI of pfsense, its able to ping the Router. Wonder why I cannot connect to the internet.

Attaching the some docs which reveals the current situation.


stephenw10

If your Cisco device is using IPv6 then no traffic will pass. Your IPv6 rule has source 'lan net' but your LAN interface doesn't have an IP so it can never match anything.

Steve

Cleetus Antony

I have used cisco devices with only IP4

The devices I have used as test devices.. not a running devices on network.
No IPv6 services is running

did u chk the rules i set ? is ther anything i m missing in rules sections for any of the interfaces ?

Is der  the Anti lockout rule in LAN interface makes any issue ?

I have removed the IPv6 rules and checked.. still no luck.

Why the pfsense is passing the laptop traffic when the laptop is configured with static Ip configuration; but not passing traffic with dhcp enabled ?

stephenw10

Are you getting an IP correctly via DHCP? Correct subnet and gateway?
Do you see anything blocked in the firewall logs?

Steve

Cleetus Antony

I am getting correct IP, GW and DNS….. Same IP as static passes the traffic...!!!!!!!!!!!!

No block logs are in System logs.... is that same u r talking about firewall logs ?

stephenw10

The system log is distinct from the firewall log, they are on separate tabs in the webgui logs page.

If your traffic is not getting through it's not arriving at the firewall, it's being blocked by the firewall or it's not being routed out of the firewall.

Steve