Need help with setting up pfSense as a bridging firewall



  • Hi,

    I'm trying to set up pfSense in a transparent mode but it doesn't work. I'm not even sure if my setup will work but I read somewhere that it should work.

    I've got a dedicated server running ESXi 5.5 with only 1 network interface patched in. The server is connected directly to the Internet. My host can't have NAT so I need a transparent firewall.

    What I've done so far:

    • pfSense: assigned public IP to WAN interface
    • vSphere: created a new virtual switch not connected to a physical interface
    • vSphere: changed the vSwitch configuration to "ACCEPT" promiscuous mode
    • Added and enabled the new interface on pfSense, labelled as DMZ, IPv4 set to "none"
    • vSphere: added the new DMZ interface to the new virtual switch
    • pfSense: disabled outbound NAT rule generation
    • Added ANY rule to WAN and DMZ interfaces
    • No packet filtering is set on the bridge interface, only on the member interfaces

    I've got one host on the DMZ. I can see some traffic going out of the DMZ interface but I can't ping or SSH to my host.

    Is there anything else I need to configure?

    Any help will be much appreciated.

    Thanks

    vSphere networking [screenshot attachment]

    Bridge config [screenshot attachment]

    WAN rule [screenshot attachment]

    DMZ rule [screenshot attachment]


  • Netgate Administrator

    Do you see anything blocked in the firewall log?

    Do you see any states in the state table when you try to connect through it?

    What version of pfSense are you running? pfSense 2.4.4 is built on FreeBSD 11.2 and ESXi only supports that from v6.5 officially.
    https://www.vmware.com/resources/compatibility/search.php?deviceCategory=software&details=1&operatingSystems=232&productNames=15&page=1&display_interval=10&sortColumn=Partner&sortOrder=Asc&testConfig=16

    Steve
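A small diagnostic script, added here as an example and not part of either post, that covers the two things Steve asks about (states in the state table, where filtering happens) together with the "filter on the members, not on the bridge" setting the original poster describes. It is meant to be run from the pfSense shell (Diagnostics > Command Prompt or SSH) and parses the output of `ifconfig bridge0`, `sysctl net.link.bridge` and `pfctl -ss`; the sample outputs embedded in it are constructed, and the interface names vmx0/vmx1 and the addresses 203.0.113.10 and 198.51.100.5 are assumptions, not values from the thread.

```shell
#!/bin/sh
# Transparent-bridge sanity checks for a pfSense box (added example, not from the thread).
# On a real firewall feed the functions live output instead of the samples below:
#   ifconfig bridge0 | bridge_members
#   sysctl net.link.bridge | pfil_on_members_only
#   pfctl -ss | states_for_host 203.0.113.10
# Interface names (vmx0/vmx1) and addresses used here are assumptions.

# List the member interfaces of a bridge from `ifconfig bridgeN` output (stdin),
# space separated, in the order ifconfig prints them.
bridge_members() {
    awk '/^[[:space:]]*member:/ { printf "%s%s", (n++ ? " " : ""), $2 } END { print "" }'
}

# Succeed (exit 0) only when the bridge tunables say "filter on the member
# interfaces, not on the bridge itself": pfil_member=1 and pfil_bridge=0.
# That is the combination the poster describes, so the pass rules must sit on
# the WAN and DMZ member interfaces; with any other combination the rules on
# those interfaces are not where pf evaluates the bridged traffic.
pfil_on_members_only() {
    awk -F': *' '
        $1 == "net.link.bridge.pfil_member" { m = $2 }
        $1 == "net.link.bridge.pfil_bridge" { b = $2 }
        END { exit !(m == 1 && b == 0) }'
}

# Count state-table entries (`pfctl -ss` on stdin) that mention the host given
# as $1. Zero states while a ping or SSH attempt is in progress means the
# packets never matched a pass rule on the ingress interface (or never arrived),
# which is the first split between "blocked by pf" and "not reaching the bridge".
states_for_host() {
    grep -F -c -- "$1" || true
}

# ---- constructed sample output used for the stand-alone run -----------------
SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000000
        member: vmx0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 2000000'

# Filtering on members only, as in the poster's setup.
SAMPLE_SYSCTL_OK='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'

# Filtering moved onto the bridge interface, where the poster has no rules.
SAMPLE_SYSCTL_BAD='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'

# Two states for an SSH session to the DMZ host plus one unrelated DNS state.
SAMPLE_STATES='vmx0 tcp 203.0.113.10:22 <- 198.51.100.5:51234       ESTABLISHED:ESTABLISHED
vmx1 tcp 198.51.100.5:51234 -> 203.0.113.10:22       ESTABLISHED:ESTABLISHED
vmx0 udp 192.0.2.7:53 <- 198.51.100.5:40000       SINGLE:MULTIPLE'

# ---- stand-alone demonstration on the samples --------------------------------
echo "bridge members: $(printf '%s\n' "$SAMPLE_IFCONFIG" | bridge_members)"

if printf '%s\n' "$SAMPLE_SYSCTL_OK" | pfil_on_members_only; then
    echo "pfil (sample OK): filtering on members only, WAN/DMZ rules apply"
fi
if printf '%s\n' "$SAMPLE_SYSCTL_BAD" | pfil_on_members_only; then
    echo "pfil (sample BAD): filtering on members only"
else
    echo "pfil (sample BAD): not members-only, check which interface your rules are on"
fi

echo "states for 203.0.113.10: $(printf '%s\n' "$SAMPLE_STATES" | states_for_host 203.0.113.10)"
```

Run it as `sh bridge-check.sh` to see the sample run; on the firewall, pipe the real command output into each function as shown in the header comments. If `bridge_members` does not list both the WAN and DMZ interfaces, or `pfil_on_members_only` fails, the rules on WAN and DMZ are not being consulted for bridged traffic; if both pass but `states_for_host` stays at zero during a connection attempt, the next place to look is the vSwitch side (promiscuous mode on the switch the DMZ VM is attached to) rather than the rule set.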