Transparent Firewall



  • Hi there, I have a bit of trouble with transparent firewalling:

    I'm trying to set up a transparent firewall between two VLANs:
    WAN: Vlan0 (vl43 on em0) 208.x.x.35/29
    DMZ: Vlan1 (vl44 on em0) (no IP)
    LAN: em1 192.168.1.1
    DMZ is bridged with WAN.
    pfSense 1.2.2 (also tried with 1.2.3RC1).
    The 65xx is providing internet routing (see diagram).

    Internet ISPs
                                                                        (BGP)
                                                                            |
    ManagedSW(208.x.x.37/29) –untagged vl44-- >Cisco65xx< ----(dot1q trunk VLan43-44)---- >(em0)pfSense(em1)< ---Xover--- Laptop(192.168.1.254/24)

    At the other end of vlan44 I have a managed switch that I use for tests; it has IP 208.x.x.37/29.
    I put in some wild rules: allow anything from WAN to anywhere; allow anything from the DMZ interface to anywhere.

    From the laptop I can get to the internet without any problems, but I can't ping the managed switch.
    The switch can't ping the gateway (208.x.x.33) nor the WAN interface of pfSense (208.x.x.35).

    The ARP tables in pfSense are empty other than the gateway and the laptop.
    The ARP table on the Cisco65xx for vl43 only sees the pfSense WAN interface.

    Without bridging, if I set IP 172.16.0.1 on the DMZ interface and IP address 172.16.0.2 on the managed switch at the other end of vl44, all goes well and ping is OK from both devices... (So it's not a VLAN or switch config issue.)

    What the hell is wrong!? ... Thanks for helping.



  • May I ask… have you double-checked the gateway IP?

    I used to have similar issues when I overlooked the gateway IP.
