Bridge Mode
-
Hello.
I know there are many posts around like this one, but none of them have been any help to me in figuring this problem out. I've tried on both v1.2.3 and 2.0 RC1.
My question is, how in the world can I set up pfsense as just a firewall/bridge while allowing me to run multiple servers through a switch connected to pfsense using external IPs? I've been able to set up pfsense on one of my IPs, but beyond that I cannot get it working to allow my servers to access the web using a static IP.
-
Hey Crunchy Toast,
Just wondering if you ever got this to work. I have the same sort of question with no answers yet. :(
-
http://forum.pfsense.org/index.php/topic,36667.msg189002.html
You guys have me starting up my test box now… See what ya did!! ;D
I'm gonna go test my theories and be back!
-
I gave up on it lol.
Now with a reply, I may try to implement it again. I've got CSF running on my cPanel server.
What kind of rules should I set up for the firewall to let the traffic pass from WAN to LAN without problem?
I'm hoping this will implement without major issue into my setup.
-
Hey Crunchy,
What's going on? What I am doing is setting up CPanel and we need Public IPs on our CPanel Server just like you. I am also going to use CSF Firewall but we would like an additional Hardware Firewall in front of our box. It's a long story.
In a nutshell, I want to have 100 Servers behind our PFsense Firewall and every single one of them wants to have its own Public IP address. Sounds like a complicated Bridge situation to me but with a Server with an SSD and 8GB of RAM, it should be more than good to handle it. Just need to figure out how to use this PFsense Firewall to set this up.
Keep you posted on progress.
-
I seem to have hit a brick wall now. With CSF and Mod_Security and some other stuff running I can't seem to access my domains. I can access cPanel through my IP though lol. I'm waiting on a reply on cPanel forums. After I fix this issue, I'll be attempting this.
-
Okay. Got my cPanel back up and running. Gonna give this a try.
-
Let me know what happens. Looking forward.
-
Sorry it took me so long. Had to wait for a day off. I was dead tired lol.
Anyways, I got it working, although after I bridged connections the WAN IP was changed from the public static to 192.168.1.101. In order to reach the GUI I have to disable my static IP on the client system then acquire an IP with pfsense DHCP. Also, while testing I assigned LAN to BRIDGE0 and now I can't access the GUI at all lol.
-
Never mind. Fixed it.
I was able to access the GUI by using the IP assigned to WAN, then I reversed the BRIDGE0 assignment from LAN and put it on WAN, then went back into the WAN interface and made sure the external IP was still there, then punched save. Now I can access the GUI by using the external IP I assigned to it, and DHCP clients from pfsense can now access the web.
Thanks for the info chpalmer
EDIT
Plus I noticed that the pfsense server initially couldn't access the outside internet. I had to go to System -> General Setup and assign the WAN gateway to my DNS servers.
EDIT 2
After I did an update, the system broke. DHCP clients can no longer access the web, but static IP clients can.
EDIT 3
After tweaking with random stuff and not knowing wtf…..it works after all settings were left where they were in EDIT 1
-
So glad this worked. I am going to try it in the next few days and will let you know what happens. In a nutshell, you now have a Cpanel server behind a hardware firewall. Congratulations.
-
Actually, I didn't ever put any of my servers behind this yet. I'm going to wait until pfsense 2 final is released as it was still kind of glitchy off and on. I just hooked a test machine to it. There were times where it worked, then where it wouldn't work (as my edits show).
-
Crunchy,
You just saved me a million headaches. I thought this was in final release and out of Beta. 1.2.3 seems to be super duper stable and I am going to ditch 2.0 for now and go back to 1.2.3 as I need this for a production environment.
When I added 1.2.3 and configured it all for bridge mode, I had the same problems. My servers behind the firewall could not access the internet. When I turned off the Firewall completely, meaning got rid of all the rules, they worked perfectly. Do you have any idea of what rules need to be configured so I can have my firewall bridged and not have any problems? Let me know. Thank you for your time and saving me so many headaches.
-
You probably need rules for whatever port is needed on your server, for example 80, 443, 22, 25, etc… I think on pfsense 2 I had to put the rules within the Floating rules tab. Not sure if 1.2.3 has this. I couldn't get it running on my older test system.