Network Bridging
-
Hi guys.
I am new in Pfsense.
Here is a quick question: After I installed the pfsense ISO onto my desktop (with 2 NICs), I want it to be a transparent firewall.
I set each step from this link: http://doc.pfsense.org/index.php/Tutorials
But I found all the settings are all right, except that "Enable filter bridge" cannot be selected under "filtering bridge" in System -> Advanced.
It reads:
This setting no longer exists as it is unnecessary. Filtering occurs on the member interfaces of the bridge and cannot be disabled.
And Issue 2:
I skipped selecting "filtering bridge" and finished the rest of the settings. I can ping the pfsense IP (WAN static IP) from within the LAN network but cannot from the WAN network.
Is there any setting I missed to enable that?
Thanks! :D…
Hi Guys, I have fixed issue 2. It was caused by my setting the same IP address for both the LAN and WAN IP.
After I changed the LAN IP to a different one, I can ping from WAN.
But another issue has come up.
After I reboot pfsense, the bridge drops (meaning I can access the webconfig and ping it from the LAN, but cannot from the WAN side) unless I access the webconfig and save "Interfaces" -> WAN and "Interfaces" -> LAN; then it is back to normal, as before the reboot.
(When I click Save, the command screen shows:
bridge0: Ethernet address: xx:xx:xx:xx:xx:xx
bridge0: Ethernet address: xx:xx:xx:xx:xx:xx
It seems the bridge takes effect again, and I can ping and access the webconfig from WAN again.)
I have checked the settings in the XML:
<interfaces>
  <lan>
    <if>fxp0</if>
    <ipaddr>192.168.206.8</ipaddr>
    <subnet>24</subnet>
    <media></media>
    <mediaopt></mediaopt>
    <bandwidth>100</bandwidth>
    <bandwidthtype>Mb</bandwidthtype>
    <bridge>wan</bridge>
    <disableftpproxy></disableftpproxy>
  </lan>
  <wan>
    <if>rl0</if>
    <mtu></mtu>
    <media></media>
    <mediaopt></mediaopt>
    <bandwidth>100</bandwidth>
    <bandwidthtype>Mb</bandwidthtype>
    <spoofmac></spoofmac>
    <disableftpproxy></disableftpproxy>
    <ipaddr>192.168.206.6</ipaddr>
    <subnet>24</subnet>
    <gateway>192.168.206.254</gateway>
  </wan>
</interfaces>
It seems like there isn't any problem.
But why does the bridge drop after I reboot pfsense?
Or did I miss configuring something?
Looking forward to your reply. Thanks in advance!
Hi Guys, I have solved all my problems myself.
And I'd like to share some experience with you all:
1. Don't set the same subnet on the LAN interface as on your WAN interface when you set up a bridge in pfsense. Otherwise the bridge will drop after you reboot pfsense. (That is, you can access pfsense on the LAN interface but cannot from the WAN interface. It happened to me many times; after I changed the subnet for the LAN interface, it became normal.)
2. "Enable filter bridge" happens on all bridge interfaces automatically now, so essentially the setting is checked all the time.
-
The transparent firewall HOWTO says
Keep in mind that the firewall now works transparent.
This means that you also have to define what traffic is allowed to pass from the WAN-Interface.
Have you added the rule(s) to allow PING traffic from the WAN?
-
The transparent firewall HOWTO says
Keep in mind that the firewall now works transparent.
This means that you also have to define what traffic is allowed to pass from the WAN-Interface.
Have you added the rule(s) to allow PING traffic from the WAN?
Yes, I know that. I set rules on the WAN tab to allow all to pass from WAN.
And do you know why "Enable filter bridge" cannot be selected under "filtering bridge" in System -> Advanced?
Thanks for your reply.
-
Did you read the message under the setting? The setting is gone because it is no longer needed; the directions you are following are outdated.
Filtering happens on all bridge interfaces automatically now, so essentially the setting is checked all the time.
The message was left there to avoid questions like this, it's fairly self-explanatory…
-
Did you read the message under the setting? The setting is gone because it is no longer needed; the directions you are following are outdated.
Filtering happens on all bridge interfaces automatically now, so essentially the setting is checked all the time.
The message was left there to avoid questions like this, it's fairly self-explanatory…
Thanks!