pfsense can not act as transparent
-
Hello,
I have a router on the first floor and a server on the second floor, and due to some limitation I cannot connect them physically, so I have put the switch ports for both of them in the same VLAN and routed a /30 in my edge router to pfSense. Then in pfSense I set the first IP of the /30 as a virtual IP and set the second IP on my router on the first floor (my first-floor router's default route is set to the pfSense virtual IP).
Note: my router on the first floor has BGP with some customers and has a GRE tunnel.
Now the problem is that pfSense does not act as transparent, and I have to add a static route for every prefix in pfSense for packets to be forwarded to my router.
Any idea?
Thanks -
I think we're going to need a diagram here. It's not clear what you're asking.
Transparent how? Like a single layer 2?
Steve
-
This is the diagram:
Uplink <-> pfSense LAN 1 (second floor of datacenter) <-> MikroTik LAN1 (first floor of datacenter)
And yes, I want pfSense to work as layer 2, not doing any routing, just for inspection. -
I don't see the edge router in that 'diagram' nor the device you describe as a server.
Why have you set up a /30 transport subnet if you want it to be all on a single layer 2?
That's the link between pfSense LAN1 and MikroTik LAN1, I assume? Using a new VLAN you put in?
What exactly is pfSense doing in this setup?
What's the goal here? To connect the MikroTik to the uplink?
Steve
-
See, I have a DDoS-protected uplink, but I receive small attacks with 80 Mbps UDP and 200k pps, and these attacks bother my users, so I have connected my DDoS-protected uplink to pfSense. Because the MikroTik and pfSense are far apart, we put them in the same VLAN on the switch ports, so we route a /30 to pfSense and then route it to the MikroTik.
Is it clear? -
So you are routing then? (Hence the /30)
You can't be "transparent bridge" if you are routing.
https://www.netgate.com/docs/pfsense/book/interfaces/interfacetypes-misc.html#bridges
-
So you are routing the /30 to pfSense, from the edge router?
And then routing it to the MikroTik?
None of that is Layer 2.
We are going to need a full diagram here with all the interfaces on each device and the IPs shown. It's not at all clear what you have here.
Also a clear definition of what you are trying to achieve.
Steve