Bridged Mode Firewall + Windows = Unable to access rest of subnet



  • Hi Guys,

    I followed the instructions on how to turn pf into a Bridged/Transparent firewall and for the most part it seems to be working. Here are the basic settings:

    WAN
    IP: 212.6*.6.80 / 32
    Gateway: 212.6.*6.1

    LAN
    IP: 212.6*.*6.80 / 24
    Bridge with: WAN

    Everything else in the instructions PDF followed including firewall settings and disabling nat etc.

    HOWEVER, my problem comes about when I configure my Windows PCs on the 'LAN' side. Here is the setting of one:

    IP: 212.6*.6.82
    Subnet: 255.255.255.0
    Gateway: 212.6.6.80
    DNS: 212.6.*6.3

    I can access the internet, but I cannot access other websites/machines that are on similar IP addresses like 212...85 (servers within my ISP's datacentre). I could almost convince myself that this is 'by design' if it wasn't for the fact that a linux machine configured with the network settings below can see all of the machines totally fine.

    IP: 212.*6.*6.84
    Netmask: 255.255.255.0
    Network: 212.*6.*6.0
    Broadcast: 212.*6.*6.255
    Gateway: 212.*6.*6.80

    Any ideas?



  • EDIT:

    It would seem that the Linux box has stopped communicating with the other servers too. Is there any way to fix this?



  • You need to use 212.6*.*6.1 as the gateway address on your hosts.

    Edit: Your WAN address setup is wrong if your subnet is /24, change it to 212.6*.*6.80 / 24



  • Cheers for that kpa. I changed the WAN subnet to 24 as suggested and tested that all machines could still see google etc. However, when I changed the gateway of the machines from .80 to .1 all internet connectivity was lost :(



  • /24 may not be the correct subnet for your WAN.  You need to speak with your ISP and ensure that you have the correct subnet mask.



  • Well I only have about 6 IP addresses on the whole range, is that the problem?

    I thought netmask of 255.255.255.0 = /24 ? Or am I totally wrong :s



  • A /24 would mean that you have .1 - .254 addresses to use yourself from the subnet (.0 and .255 reserved). If you have only 6 addresses then you probably have a /29 but it looks like your setup may not be a standard one. I second what submicron says, ask your ISP for details.
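A quick consistency check of the bridged layout discussed in this thread, as an added example and not code from any of the posts above. The addresses are constructed (the thread's are masked, so the 192.0.2.0/24 documentation range stands in for the ISP block) and the rules encode the replies: hosts behind a transparent bridge point at the ISP router as gateway, the bridge's own WAN prefix must cover the hosts it sits in front of, and six usable addresses imply a /29 rather than a /24.

```python
import ipaddress

# Constructed sample values standing in for the masked addresses in the thread.
UPSTREAM_GATEWAY = "192.0.2.1"          # ISP router, the only real gateway
FIREWALL_WAN = "192.0.2.80/32"          # WAN as described in the first post
LAN_HOSTS = {                           # hosts behind the transparent bridge
    "windows-pc": ("192.0.2.82/24", "192.0.2.80"),  # gateway set to the bridge
    "linux-box":  ("192.0.2.84/24", "192.0.2.80"),
}


def check_bridged_setup(firewall_wan, upstream_gw, hosts):
    """Return (host, problem) pairs for a transparent-bridge layout.

    A bridge forwards frames, it does not route, so each host's default
    gateway must be the upstream router and must lie inside the host's own
    subnet. The bridge's WAN prefix should cover the addresses it protects;
    a /32 makes it treat every neighbour in the block as off-link.
    """
    problems = []
    fw_iface = ipaddress.ip_interface(firewall_wan)
    for name, (addr, host_gw) in hosts.items():
        iface = ipaddress.ip_interface(addr)
        host_gw_ip = ipaddress.ip_address(host_gw)
        if host_gw_ip == fw_iface.ip:
            problems.append((name, "gateway points at the bridge; use the upstream router"))
        if host_gw_ip not in iface.network:
            problems.append((name, f"gateway {host_gw} is outside {iface.network}"))
        if iface.ip not in fw_iface.network:
            problems.append((name, f"firewall prefix {fw_iface.network} does not cover {iface.ip}"))
    return problems


def usable_prefix(n_addresses):
    """Longest IPv4 prefix whose usable host count (size minus network/broadcast) covers n."""
    for prefix in range(32, -1, -1):
        size = 2 ** (32 - prefix)
        if size - 2 >= n_addresses:
            return prefix
    return 0


if __name__ == "__main__":
    for host, why in check_bridged_setup(FIREWALL_WAN, UPSTREAM_GATEWAY, LAN_HOSTS):
        print(f"{host}: {why}")
    # Corrected layout: WAN widened to /24, hosts pointed at the ISP router.
    fixed = {"windows-pc": ("192.0.2.82/24", UPSTREAM_GATEWAY)}
    print("fixed layout problems:", check_bridged_setup("192.0.2.80/24", UPSTREAM_GATEWAY, fixed))
    print(f"6 usable addresses need a /{usable_prefix(6)}")
```

Whether the block really is a /24 or a /29 is something only the ISP can confirm, as the last two replies say; the helper only shows which prefix a given address count requires.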

