Accessing pfSense UI through transparent bridge
I'm with the latest 2.0 (august 11th, evening edition), and am running a transparent bridge (with success). I'd like the bridge to be just a tiny bit less transparent through. I'd like to be able to access the pfSense UI from a specific IP, using port 8080. So anything else would be send through the bridge, BUT the if I try to access 8080 from that IP I would get to the pfSense UI.
How do I do this? I've tried using nat rules to send this to a third interface (a management port) by IP address, but that didn't seem to work, likely because a bridge doesn't actually do any NAT.
I Just did this a while ago, bridging LAN and WAN and created OPT1 as my bridge.
1. and changed system -> advanced -> tunables.
net.link.bridge.pfil_member = 0
net.link.bridge.pfil_bridge = 1
So i can play the filtering on bridge_if
2. leave wan and lan pass * from any to any.
3. make your WAN static IP either the same subnet of your network or different subnet that you like.
4. change your webgui port to 8080 if thats what you want at system->advance changing tcp port for your webgui.
5. play around with the rules if you can access your webgui on port 8080, and allow your source address to destination port 8080.
After reading your message I think I managed to configure a bridge with no understanding of the concept whatsoever…
Here is what I don't get. Since this is a transparent bridge, I did not set any IP address for both WAN and OPT1. Only LAN (as the management port) has an IP address (and is connected to the internet network like a laptop would be) to allow me to access UI.
So the cabling looks like this:
Cable modem --WAN pfSense -(only traffic shaping, everything is at PASS) -- OPT1 pfSense ----- Some Cisco router ------- LAN ---- Laptops, etc, and the pfSense management port is plugged right here too.
Should I put an IP address on both the WAN and OPT1 ports? And those addresses, should be what exactly? LAN addresses? Another WAN address (I should ask my ISP for another?). If I put a LAN address (192.168.1.5 lets say) on the WAN how do I access the UI remotely? Obviously not using 192.168.1.5
I don't quite understand the tunables variables you want me to change. The UI description isn't clear to me. What exactly does that accomplish and change?
Sorry, I've understood traffic shaping after a lot of playing around, but this is turning into something almost as confusing.
Since its in bridge mode, no need to specify IP address on whichever Interface, only that you need some management interface access, so either you put address on LAN, WAN, or OPT1.
I choose WAN in my case and put a public address (live) so i can remote it from anywhere meaning LAN or WAN side.
If your cable modem able you to PortFoward/Tunnel you, then you dont need live ip address on pfSense just a member host of the current subnet of the cable modem.
The tunables on the other hand is just changing the filtering/shaping mode not using the member of the bridge (lan, wan) but to the bridge interface itself.
Ok, then this is what I did (excepted I used LAN for the management port).
The only thing is, LAN having 192.168.1.2 as the mgmt address, and the pfSense being a bridge from WAN to OPT1, how do I access the UI through the WAN port? (i.e.: from a remote location?)
Is there a trick, or do I need to port forward using my Cisco (simple enough, but I wanted to keep the Cisco out of the pfSense issues)
Whatever subnet is accessible from remote can be used to any interface in the pfSense.
So i think its the cable modem lan subnet. I dont really know whats your exact setup so im just guessing.