pfsense can not act as transparent



  • hello,
    i have a router in first floor and a server in second floor and due to some limitation i can not connect them physically so i have put port switch for both of them in same vlan and route a /30 in my edge router to pfsense then in pfsense set first ip of /30 in virtual ip and set second ip in my router in first floor (my first floor router default route is set to pfsense virtual ip)
    note: my router in first floor has bgp with some customers and has gre tunnel.
    now the problem is pfsense does not act as transparent and i should add static route for every prefix in pfsense until packets forward to my router,
    any idea?
    thanks


  • Netgate Administrator

    I think we're going to need a diagram here. It's not clear what you're asking.

    Transparent how? Like a single layer 2?

    Steve



  • this is the diagram
    Uplink <-> pfsense lan 1 (second floor of datacenter)<-> mikrotik lan1(first floor of datacenter)
    and yes, I want pfsense to work as layer 2 and not do any routing, just for inspection.


  • Netgate Administrator

    I don't see the edge router in that 'diagram' nor the device you describe as a server.

    Why have you setup a /30 transport subnet if you want it to be all on a single layer 2?

    That's the link between pfSense LAN1 and Mikrotik LAN1 I assume? Using a new VLAN you put in?

    What exactly is pfSense doing in this setup?

    What's the goal here? To connect the Mikrotik to the uplink?

    Steve



  • See i have a ddos protected uplink but i receive small attacks with 80mbps udp and 200k pps and these attacks bother my users so i have connected my ddos protected to pfsense and because mikrotik and pfsense are far away from each other we put them in same vlan in port switch so we route a /30 to pfsense then route it to mikrotik.
    Is it clear?



  • So you are routing then? (Hence the /30)

    You can't be "transparent bridge" if you are routing.

    https://www.netgate.com/docs/pfsense/book/interfaces/interfacetypes-misc.html#bridges


  • Netgate Administrator

    So you are routing the /30 to pfSense, from the edge router?

    And then routing it to the Mikrotik?

    None of that is Layer 2.

    We are going to need a full diagram here with all the interfaces on each device and the IPs shown. It's not at all clear what you have here.

    Also a clear definition of what you are trying to achieve.

    Steve

