Transparent bridge firewall, what about the Lan ip address?
-
Hey
I have setup an pfsense 1.2.3 firewall running in bridge mode between WAN - LAN, right now the IP for Wan is 192.168.1.30 and the Lan is 192.168.1.31
No pfsense responces on both IP's, can i disable the IP on the Lan? Or how to only use one IP?
-
Yes, if you are bridging, you only need an IP on one of the interfaces. Generally, put the IP on the interface that does not have a parent interface chosen for the bridge.
In 2.0, this all changes and you set the IP on the bridge itself.
-
kc8apf:So then on only should assign a IP for the LAN interface and not the WAN. Is it possible?
-
Or only the WAN and not the LAN. I've only done bridging between WAN-OPT or LAN-OPT before. I know it's possible with FreeBSD, but I've never tried it with pfSense.
-
Setting an IP on WAN and bridging LAN to WAN is usually the better way.
It should be logically (to you) equivalent to having an IP on LAN and bridging WAN to LAN but technically it works differently in some ways.
-
jimp
I looks like a have to assign a IP on both interfaces, also when bridging the LAN to WAN, then the system will end up using 2 global IPs
-
I believe it's possible to use private rfc1918 addresses for wan and lan when doing LAN-to-WAN bridge (and use public IPs on hosts behind the firewalll) or am I completely wrong?
-
You can only have one IP on a pair of bridged interfaces, or else you can (and will) have problems.
-
Thats right. Haw checked now. I can only assign an IP for the WAN.