Firewall interface selection with bridged interfaces?

  • I have the OPT interface bridged with the LAN interface, so that the pfSense box acts as a mini switch. The cable on the LAN leads to a web server, the cable on the OPT interface leads to a NAT router with all my private stuff behind it. Internet connection is via PPPoE.
    The subnect on LAN/INT is public address space, so no NAT is involved.
    The docs (this is pfSense 1.2.3-RELEASE on an alix board) say that the firewall rules associated with the incoming interface are used.
    With traffic incoming on OPT and going to LAN I can indeed see the rules associated with OPT being used (as the log shows).

    However, with traffic incoming on OPT going to the WAN I can only see rules associated with LAN firing, not the ones associated with OPT.
    The log entries show the interface as LAN, but the source IP is the one from the host attached to OPT.
    Is this as expected?


Log in to reply