Problem with transparent Bridge WAN<->OPT1



  • Hey :-)

    I've been using M0n0 for some time, but now for a new set of servers
    I wanted to try out pfSense (Rc2a), as I like the Interface and the addon Packages…

    I have already set up a similar network-config with M0n0, but I am having
    problems setting this up with pfSense...

    I've got an HP-Server, equipped with 2 Dual-Port Intel Pro 1000/MT
    Controllers.

    They are assigned to

    • LAN
    • WAN (80.xx.xx.2)
    • OPT1
    • OPT2 (not connected yet, later for CARP)

    The LAN (10.x.x.x) is working perfectly, I can go online and
    all LAN-Clients can ping each other.

    The OPT1 makes problems, though:

    The Servers which are located in OPT1 have external addresses
    (they are in the WAN-Space, e.g. 80.xx.xx.3, 80.xx.xx.4, etc.), that's
    why I have bridged OPT1 with WAN, activated the "filtering bridge"
    and made two rules into OPT1:
    block:  *  *  *  LAN net  *  *  Block anything TO LAN
    allow:  *  *  *  *        *  *  Allow to anywhere else
    (Before this, I only had one rule which was allow anything BUT LAN...
    But I got information that the negation rules could have a bug, so I changed
    to the two rules above...)

    The situation is now that all servers in OPT1 can ping each other,
    but NOT the OPT1-IP of pfsense and cannot go online :-(
    Also pfsense cannot ping the OPT1-Servers...

    The Servers have the WAN-IP as DNS and Gateway set up...

    It would be great if you could help me as I already got problems here
    because I didn't just use M0n0 again, but something else...
    But I personally would like to use pfSense  ;)

    So thanks a lot for your help and support :-)



  • Try enabling System -> Advanced -> Static route filtering



  • That did not work  :'(

    Do you have any other idea?

    What I don't understand is why would I need different
    settings than those I "copied" from M0n0?

    Isn't pfSense derived from Mono-Wall?

    I really hope to get this working today    :-\

    Thanks for your help!

    Chris

