Netgate Discussion Forum
    Bridged Mode Firewall + Windows = Unable to access rest of subnet

    • jimxms

      Hi Guys,

      I followed the instructions on how to turn pf into a Bridged/Transparent firewall and for the most part it seems to be working. Here are the basic settings:

      WAN
      IP: 212.6*.*6.80 / 32
      Gateway: 212.6*.*6.1

      LAN
      IP: 212.6*.*6.80 / 24
      Bridge with: WAN

      Everything else in the instructions PDF followed including firewall settings and disabling nat etc.

      HOWEVER, my problem comes about when I configure my Windows PCs on the 'LAN' side. Here is the setting of one:

      IP: 212.6*.*6.82
      Subnet: 255.255.255.0
      Gateway: 212.6*.*6.80
      DNS: 212.6*.*6.3

      I can access the internet, but I cannot access other websites/machines that are on similar IP addresses like 212...85 (servers within my ISP's datacentre). I could almost convince myself that this is 'by design' if it wasn't for the fact that a Linux machine configured with the network settings below can see all of the machines totally fine.

      IP: 212.*6.*6.84
      Netmask: 255.255.255.0
      Network: 212.*6.*6.0
      Broadcast: 212.*6.*6.255
      Gateway: 212.*6.*6.80

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • jimxms

        EDIT:

        It would seem that the Linux box has stopped communicating with the other servers too. Is there any way to fix this?

        1 Reply Last reply Reply Quote 0
        • kpa

          You need to use 212.6*.*6.1 as the gateway address on your hosts.

          Edit: Your WAN address setup is wrong if your subnet is /24, change it to 212.6*.*6.80 / 24

          1 Reply Last reply Reply Quote 0
          • jimxms

            Cheers for that, kpa. I changed the WAN subnet to 24 as suggested and tested that all machines could still see Google etc. However, when I changed the gateway of the machines from .80 to .1, all internet connectivity was lost :(

            1 Reply Last reply Reply Quote 0
            • Guest

              /24 may not be the correct subnet for your WAN.  You need to speak with your ISP and ensure that you have the correct subnet mask.

              1 Reply Last reply Reply Quote 0
              • jimxms

                Well, I only have about 6 IP addresses on the whole range; is that the problem?

                I thought a netmask of 255.255.255.0 = /24? Or am I totally wrong :s

                1 Reply Last reply Reply Quote 0
                • kpa

                  A /24 would mean that you have .1 - .254 addresses to use yourself from the subnet (.0 and .255 reserved). If you have only 6 addresses then you probably have a /29 but it looks like your setup may not be a standard one. I second what submicron says, ask your ISP for details.

                  1 Reply Last reply Reply Quote 0
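
The /24 versus /29 arithmetic discussed in this thread, as an added example that is not part of any post. It uses Python's `ipaddress` module on constructed addresses from the 203.0.113.0/24 documentation range (the thread's real addresses are masked), and `link_view` is a hypothetical helper name. It shows what a host derives from its IP and netmask: how many usable addresses the subnet has, whether the configured gateway is on-link, and which peers it will reach directly rather than through the gateway.

```python
import ipaddress


def link_view(host_ip, netmask, gateway, peers):
    """Describe how a host with this IP/netmask sees its gateway and peers."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    net = iface.network
    usable = list(net.hosts())  # excludes the network and broadcast addresses
    view = {
        "network": str(net),
        "usable_count": len(usable),
        "first_usable": str(usable[0]),
        "last_usable": str(usable[-1]),
        # A default gateway must be inside the host's own subnet to be usable.
        "gateway_on_link": ipaddress.ip_address(gateway) in net,
        "peers": {},
    }
    for peer in peers:
        on_link = ipaddress.ip_address(peer) in net
        # On-link peers are resolved with ARP; everything else goes to the gateway.
        view["peers"][peer] = "direct (ARP)" if on_link else "via gateway"
    return view


# Constructed sample data: same last octets as the thread, documentation prefix.
HOST = "203.0.113.82"
GATEWAY = "203.0.113.1"
PEERS = ["203.0.113.85", "203.0.113.3"]

as_slash_24 = link_view(HOST, "255.255.255.0", GATEWAY, PEERS)
as_slash_29 = link_view(HOST, "255.255.255.248", GATEWAY, PEERS)

if __name__ == "__main__":
    for label, view in (("/24", as_slash_24), ("/29", as_slash_29)):
        print(label, view)
```

With the /24 mask the host treats both peers and the .1 gateway as on-link; with the /29 mask it has six usable addresses, and the .1 gateway falls outside the subnet.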