2 pfsense transparent bridge firewalls fed from same switch



  • I have a single connection from my co-lo. That connection is hooked to a switch. That switch feeds my current pfSense firewall and feeds another switch with a few machines that don't want to be behind the firewall (due to rules we have that they don't like). I want to add another pfSense transparent bridge firewall with some sort of bandwidth tracking (ntop/bandwidthd) to keep track of what the non-firewalled servers use but not block any traffic. All IPs are public and we do not run any NAT or DHCP. When I set up the second machine with rules set for all traffic to pass (no blocking at all) and I place it between the switch that feeds the other pfSense box and the switch that feeds my non-firewalled servers, all traffic stops, even that through the existing pfSense box.

    What I have now looks like this:

    co-lo gateway (62.123.203.1)
    |
    HP Switch (62.123.203.7) -> HP switch (unmanaged)->Non firewalled servers (62.123.203.136,250,251)
    |
    Current PFsense 1.2.3 transparent bridge FW (62.123.203.254[wan], 62.123.203.253[lan])
    |
    Unmanaged switches -> Servers all with public ips in range (62.123.203.0/24)

    The problem occurs when I plug in the second pfSense box in between the managed HP switch and the HP unmanaged switch. All traffic is stopping on both legs of the network at both pfSense boxes. The second pfSense box has the IPs set to 62.123.203.244[wan] and 62.123.203.243[lan]. I have made sure there are no IP address conflicts.

    What could I be doing wrong here?

    Thanks

    Bob



  • Your second box is 62.123.203.244[wan] and 62.123.203.243[lan], as I see from your post.

    You can try to put 192.168.1.1, for example, on LAN and just set up static routes for each of your IPs.



  • Can't have any NAT going on. The boxes need to have the IPs bound to the local interfaces.

    The question is why do the 2 pfSense boxes interfere with each other?

