Transparent Firewall

infinity_

Hi there, I have a bit of trouble with transparent firewalling:

I'm trying to setup a transparent firewall between two vlans:
WAN: Vlan0 (vl43 on em0) 208.x.x.35/29
DMZ: Vlan1 (vl44 on em0) (No ip)
LAN: em1 192.168.1.1
DMZ is bridged with WAN
pfSense 1.2.2 (also tried with 1.2.3RC1)
The 65xx is providing internet routing (see diagram)

Internet ISPs
                                                                    (BGP)
                                                                        |
ManagedSW(208.x.x.37/29) –untagged vl44-- >Cisco65xx< ----(dot1q trunk VLan43-44)---- >(em0)pfSense(em1)< ---Xover--- Laptop(192.168.1.254/24)

At the other end of the vlan44 I have a managed switch that I use to do tests that has IP 208.x.x.37/29.
I put some wild rules: Allow anything from wan to anywhere; allow anything from dmz interface to anywhere

From the laptop I can go to the internet without any problems but can't ping managed sw.
Sw can't ping gateway (208.x.x.33) nor wan interface of pfSense (208.x.x.35).

arp tables in pfSense are empty other than gateway and laptop
arp tables on Cisco65xx for vl43 only See's pfsense Wan interface

without bridging, if I set an ip 172.16.0.1 on the dmz int  and ip address 172.16.0.2 on the managed switch at the other end of vl44 all goes well ping is ok from both devices... (So it's not a vlan or switch config issue)

What the hell is wrong !? ... Thanks for helping

Davc

May I ask…have you double check on the Gateway IP.

I used to have similar issues when I overlooked the gateway IP.