Netgate Discussion Forum

    Bridge WAN to LAN

    General pfSense Questions
    SteffanCline

      I need to set up a WAN to LAN bridge for a transparent firewall/Snort. I was looking at the URL https://forum.pfsense.org/index.php/topic,20917.0.html, which seems to be based primarily around WiFi etc. I am switching from Untangle to pfSense for the superior feature set, but this particular feature seems not so obvious to set up. The server this is installed on has 4 NIC ports. The configuration needs to look like this:

      NIC1 -> WAN
      NIC2 -> LAN(WAN) (WAN filtered by FW/SNORT) - servers on this side use global IPs
      NIC3 -> LAN3 preferably accessible to a VPN USER A thru WAN
      NIC4 -> LAN4 preferably accessible to a VPN USER B thru WAN

      VPN USER C would have unfiltered access to the WAN.

      Perhaps it's my lack of verbiage that keeps me from finding anything specific via Google, so I figured I'd ask in a new thread.

      Suggestions?

      Guest

        NIC1 -> WAN

        Configure it as a WAN port as you need or are able to realize, over PPPoE or with a static public IP address.

        NIC2 -> LAN(WAN) (WAN filtered by FW/SNORT) - servers on this side use global IPs

        Let's call it the DMZ port; behind this port there is usually the DMZ switch, connected to one or more
        servers with a public Internet connection. Configure it as the DMZ port with matching rules for
        WAN - DMZ and DMZ - LAN and vice versa. I suggest using 1:1 NAT and virtual IP
        addresses (VIPs), and then setting up Snort on the WAN port to filter and sniff all network traffic,
        or setting it up for the DMZ port, which might then only filter and sniff the WAN - DMZ traffic.

        NIC3 -> LAN3 preferably accessible to a VPN USER A thru WAN

        This could be a VLAN or its own subnet with its own IP address range, like:

        If a LAN switch with VLAN support is connected:
        • VLAN10 - PCs - 192.168.3.0/24 (255.255.255.0)

        If a LAN switch without VLAN support is connected:
        • 192.168.3.0/24 (255.255.255.0)

        NIC4 -> LAN4 preferably accessible to a VPN USER B thru WAN

        If a LAN switch with VLAN support is connected:
        • VLAN20 - PCs - 192.168.4.0/24 (255.255.255.0)

        If a LAN switch without VLAN support is connected:
        • 192.168.4.0/24 (255.255.255.0)

        VPN USER C would have unfiltered access to the WAN.

        Set up and configure OpenVPN as follows:

        • 3 different OpenVPN IPs
          – the first one (A) gets a route only to VLAN10, or for the whole subnet (CIDR) 192.168.3.0/24
          – the second one (B) gets a route only to VLAN20, or for the whole subnet (CIDR) 192.168.4.0/24
          – the third one (C) gets full access to the entire LAN, I mean all subnets (CIDR) or all VLANs, handled
          by rules or routes.
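As an added illustration of the per-user OpenVPN split described in the reply above (this is example code, not part of the original thread and not pfSense's own configuration), the script below renders an OpenVPN client-specific override for each of the three users and the pf rules that actually enforce the split. The policy table, the tunnel addresses 10.8.0.10 to 10.8.0.12 and the interface name ovpns1 are assumptions chosen for the example. The security point it makes: a pushed route only tells the client where to send packets, so user A could still add a route to 192.168.4.0/24 by hand; the restriction only holds because the firewall rules on the VPN interface match on each user's fixed tunnel address.

```python
import ipaddress

# Constructed policy (assumption): the subnets each VPN user may reach,
# following the reply's A / B / C scheme.
VPN_POLICY = {
    "userA": ["192.168.3.0/24"],
    "userB": ["192.168.4.0/24"],
    "userC": ["192.168.3.0/24", "192.168.4.0/24"],
}

# Constructed static tunnel addresses (assumption). Pinning one address per
# user is what lets the firewall tell the users apart.
TUNNEL_ADDR = {"userA": "10.8.0.10", "userB": "10.8.0.11", "userC": "10.8.0.12"}
TUNNEL_MASK = "255.255.255.0"
# Assumption: the OpenVPN server instance's interface is named ovpns1.
OVPN_IF = "ovpns1"


def ccd_entry(user):
    """Render the client-config-dir override for one user.

    ifconfig-push fixes the client's tunnel address; each push "route"
    line hands the client a route to one permitted subnet. These are
    standard OpenVPN directives, but they are advisory for the client.
    """
    lines = [f"ifconfig-push {TUNNEL_ADDR[user]} {TUNNEL_MASK}"]
    for cidr in VPN_POLICY[user]:
        net = ipaddress.ip_network(cidr)  # strict: rejects host bits set
        lines.append(f'push "route {net.network_address} {net.netmask}"')
    return "\n".join(lines) + "\n"


def pf_rules(user):
    """pf rules for the VPN interface that enforce the same policy.

    First match wins because of 'quick'; the trailing block makes the
    default deny explicit for this user's tunnel address.
    """
    src = TUNNEL_ADDR[user]
    rules = [f"pass in quick on {OVPN_IF} from {src} to {cidr}" for cidr in VPN_POLICY[user]]
    rules.append(f"block in quick on {OVPN_IF} from {src}")
    return rules


def allowed(user, dst_ip):
    """Evaluate the rule set above for one packet: is dst_ip reachable by user?"""
    dst = ipaddress.ip_address(dst_ip)
    return any(dst in ipaddress.ip_network(cidr) for cidr in VPN_POLICY[user])


def users_reaching(dst_ip):
    """Reverse check for audits: which users can reach a given internal host."""
    return sorted(u for u in VPN_POLICY if allowed(u, dst_ip))


if __name__ == "__main__":
    for u in VPN_POLICY:
        print(f"# client-config-dir/{u}")
        print(ccd_entry(u))
        print("\n".join(pf_rules(u)), end="\n\n")
    print("hosts on 192.168.4.0/24 are reachable by:", users_reaching("192.168.4.50"))
```

Running it prints one override block and one rule block per user; the audit line at the end shows that only userB and userC reach the 192.168.4.0/24 side, which is the property the reply asks for.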