Transparent Firewall but NO ping,dns lookup or updates
-
Hi guys.
First, sorry for my poor English. I'm a noob on pfsense and need some ideas to resolve a problem with my configuration of a fresh pfsense install (2.5.1-RELEASE). I have an ISP router that already does VPN, DHCP and NAT functions. I can't change this now, so I need firewall functions to filter traffic on my LAN.
I followed this guide to set up a transparent firewall behind the ISP router:
https://support.adamnet.works/t/running-on-a-transparent-pfsense-bridge/79
My conf is:
INTERNET ---> ISP Router (VPN, NAT,DHCP) ---> PFSENSE Transparent Firewall (NO NAT)---> LAN
My pfsense box has three interfaces: two bridged (WAN, OPT1) and a LAN interface with a static private IP of my LAN for web administration.
All is OK. My devices take their DHCP conf from the ISP router and can access the internet, and I can write firewall rules to allow traffic from VPN users, filter traffic from my LAN to the internet... Great!!!
But when I was trying to install the pfBlockerNG package (block connections from some countries, bad domains, ...) I noticed that I can't access the repositories. I tried tools like ping and DNS lookup with no results.
I tried updating the repositories from the CLI with no results. My pfsense can't access the internet for update tasks or to download lists of bad IPs, for example.
Then I tried disconnecting the ethernet cables from the bridged interfaces (WAN, OPT1) and connecting only the pfsense LAN interface directly to my ISP router. That instantly resolved the problem.
Obviously I can't change the wires every time I need an update or to install a package.
I think maybe pfsense tries to access the internet using the WAN interface (but it is bridged with OPT1 and they can't access the gateway. These interfaces do not have an IP address. Only the LAN interface has an IP and is assigned the gateway with the private IP of my ISP router).
Can I force pfsense to use the LAN interface in some way?
Please, can someone give me a hint?
Thanks a lot for reading my too long question, sorry :-)
-
Sorry, I followed this guide instead.
https://users.ox.ac.uk/~clas0415/assets/Setting-up-pfSense-as-a-Stateful-Bridging-Firewall-with-commodity-hardware.pdf
-
@almagonx said in Transparent Firewall but NO ping,dns lookup or updates:
My pfsense box has three interfaces, two bridged (WAN, OPT1) and LAN interface with a static private ip of my LAN to web administration
Is that LAN IP in the same subnet as the ISP router? That would be invalid if so since that subnet is already in use for the WAN-OPT bridge but probably not defined there.
You don't actually need 3 interfaces there; it just makes setup very much easier. In that linked document (which is very old) they set up the admin interface with a gateway on it in a different subnet. You don't have that available, so instead you should set the LAN to a different subnet and connect to it directly with a client so you can set it up. Then assign the bridge interface itself and set that to have an IP in the WAN-OPT subnet with the ISP router as its gateway.
That way pfSense has an interface with an IP in the correct layer 2 segment and should be able to connect out itself.
Steve
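The addressing change described in the reply above can be checked on paper before re-cabling. This is an added example, not part of the original thread or of pfSense; the interface names, the subnets and the `check_plan` helper are constructed for illustration.

```python
import ipaddress

def check_plan(plan):
    """Return findings for a transparent-bridge addressing plan (hypothetical helper)."""
    findings = []
    segment = ipaddress.ip_network(plan["bridged_segment"])
    gateway = ipaddress.ip_address(plan["gateway"])
    # Only interfaces that carry an IP take part in layer 3.
    addressed = {n: ipaddress.ip_interface(c)
                 for n, c in plan["interfaces"].items() if c}

    # A second interface inside the bridged subnet reuses a subnet already in use.
    for name, iface in addressed.items():
        if name != plan["bridge"] and iface.network.overlaps(segment):
            findings.append(f"{name} ({iface}) overlaps bridged segment {segment}")

    # The firewall needs its own address in the bridged segment to connect out.
    bridge_ip = addressed.get(plan["bridge"])
    if bridge_ip is None:
        findings.append(f"{plan['bridge']} has no IP in {segment}")
    elif bridge_ip.ip not in segment:
        findings.append(f"{plan['bridge']} ({bridge_ip}) is outside {segment}")

    # The default gateway must be on-link on the bridge interface.
    gw_if = plan["gateway_interface"]
    if gw_if != plan["bridge"]:
        findings.append(f"gateway {gateway} is attached to {gw_if}, not {plan['bridge']}")
    elif bridge_ip is None or gateway not in bridge_ip.network:
        findings.append(f"gateway {gateway} is not on-link for {plan['bridge']}")
    return findings

# Constructed addresses: 192.168.1.0/24 stands in for the ISP router's LAN.
BEFORE = {"bridge": "BRIDGE0", "bridged_segment": "192.168.1.0/24",
          "gateway": "192.168.1.1", "gateway_interface": "LAN",
          "interfaces": {"WAN": None, "OPT1": None, "BRIDGE0": None,
                         "LAN": "192.168.1.2/24"}}
AFTER = {"bridge": "BRIDGE0", "bridged_segment": "192.168.1.0/24",
         "gateway": "192.168.1.1", "gateway_interface": "BRIDGE0",
         "interfaces": {"WAN": None, "OPT1": None, "BRIDGE0": "192.168.1.2/24",
                        "LAN": "10.10.10.1/24"}}

if __name__ == "__main__":
    for label, plan in (("before", BEFORE), ("after", AFTER)):
        print(label, check_plan(plan) or "OK")
```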
-
@stephenw10
Thanks a lot for your response.
Yes, the LAN interface is in the same subnet as the router.
I thought I couldn't assign an IP to a bridge. I will try your instructions and will write the results here.
Thanks
-
I tried your steps and YES, it's OK!!! It seems I can now connect to the internet from the webadmin panel (show updates and other things).
Two things that I needed, to help someone as newbie as me:
Afterwards, remember to set up rules that allow access to the new bridge interface.
And of course assign the gateway of your subnet (my ISP router).
Thank you very much for real, Stephen!!!