How To Bridge PFsense 2.0 RC3
darklogic last edited by
Ok, here goes. I have done some searching on the forums and have yet to find a clear cut way of creating a transparent filtering firewall under the pfsense 2.0 platform. From reading changes from 1.2.3-RELEASE to 2.0, I guess bridging is enabled already??? In 1.2.3-RELEASE, bridging seemed to be straight forward, you would go to the Interfaces and select LAN and say bridge with WAN and then have a local IP for administration purposes only.
Here is my task at hand. I have an Astaro UTM in front of my pfsense box. The 2 systems are both supermicro rack servers with an Intel Atom 330 with dual 10/100/1000 NIC's, which means I can only have a LAN and WAN, no room for OPT interfaces. I want to be able to pass traffic through my pfsense box to my Astaro LAN interface to the Astaro WAN out to the Internet. I also want my Internal systems to be able to recieve DHCP from the Astaro LAN back through the pfsense box, hence the purpose of the word transparent. I know this work when using Astaro with Untangle in transparent bridge mode, But I like pfsense better than Untangle when it comes to grainular packet filtering rules.
I would like to know if anyone has a step-by-step instruction of how to do this using PFsense 2.0 RC3? If so please do not assume just because you know how to do it, everyone else know so skipping that step is assumed to be everyone should know that. Obviously if I knew then I would not be asking for help, "right"!!! Anyways, if anyone could help my ignorance to figure this out, I would really appreciate it.
GruensFroeschli last edited by
1: Interfaces –> assign --> bridges.
2: Create a bridge and add all interfaces you want as member.
3: Interfaces --> assign
4: Assign the bridge you just created. The bridge is treated like a normal interface. Configure IP's on this interface
(5:) Assign the interfaces which are member of the bridge. Set their IPs as "none".
(6:) Create firewall rules on the member-interfaces of the bridge to allow traffic.
If you only have 2 interfaces it might be a problem to configure it like this.
In this case you could, as an alternative, give an IP to the LAN interface don't assign the bridge and set the IP of the WAN to none.