Netgate Discussion Forum

    Best practices for bridging firewall?

    General pfSense Questions
    3 Posts 3 Posters 2.3k Views
    mobocracy

      I originally wanted to do a bridging firewall when I got started with pfSense 1.2.x, but could never make it work (WAN<->OPT1, with management on LAN).

      I did some testing yesterday with 2.0-RC3 and found it was pretty easy to get working, but I was left a little puzzled about what the best practices would be for dealing with firewall rules and possibly NAT (if I wanted a semi-transparent bridging firewall setup, i.e., bridge WAN-OPT1 and NAT LAN->WAN at the same time).

      I initially set up the bridging between WAN<->OPT1 and found that this, plus a floating firewall rule allowing all between OPT1 and WAN, was enough to make my test client get to the internet.

      Going back later, I noticed I could add a new interface, BRIDGE1.  Is creating and/or using this interface necessary, or merely a convenience for some firewall rules you may want deployed to bridged traffic regardless of the direction of the traffic?  I seem to remember just paying close attention to IN/OUT or interface when I used a bridged firewall setup with FreeBSD (it's been a few years!).

      What about making the setup semi-transparent (opaque?)?  I assigned a static and a dynamic (from the cable modem) address to the WAN interface and I didn't notice any issues with the test system on the bridge interface, but I didn't have the resources to add another client to the LAN side and see if the bridging setup added any NAT issues.

      I love that this works so well; I'm already planning on merging a couple of firewall setups and deploying a couple more bridge-only setups elsewhere, where traffic filtering is difficult.

      josueharos

        How did you properly enable bridging? I want to set up a pfSense box as a filtering bridge using only 2 NICs (WAN – LAN) to filter traffic passing through a wireless link we have, without messing with NAT. Can you post some info about it?

        Thank you

        Metu69salemi

          @josueharos:

          How did you properly enable bridging? I want to set up a pfSense box as a filtering bridge using only 2 NICs (WAN – LAN) to filter traffic passing through a wireless link we have, without messing with NAT. Can you post some info about it?

          Thank you

          You should consider a third interface for management.

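The filtering bridge josueharos asks for, with the separate management interface Metu69salemi recommends, as an added example (it is not configuration from this thread or from Netgate). It is written as a raw FreeBSD pf.conf with the equivalent pfSense settings noted in comments; the interface names em0/em1/em2, the management network 192.0.2.0/24 and the published host 198.51.100.10 are assumptions. The two bridge tunables in the comments also bear on mobocracy's BRIDGE1 question: with net.link.bridge.pfil_member=1 and net.link.bridge.pfil_bridge=0 (the pfSense defaults) rules are evaluated on the member interfaces, so OPT1/WAN and the in/out direction are what matter, and assigning the bridge itself as an interface only becomes necessary if you flip those tunables to filter on the bridge interface instead.

```pf
# Added example, not from the thread. Assumed interface names:
#   em0 = untrusted side of the bridge (WAN member)
#   em1 = protected side of the bridge (OPT1/LAN member)
#   em2 = management, the only interface that carries an IP address
#
# Bridge and tunables (pfSense: System > Advanced > System Tunables;
# shown here as the raw FreeBSD commands):
#   sysctl net.link.bridge.pfil_member=1   # evaluate rules on em0/em1
#   sysctl net.link.bridge.pfil_bridge=0   # do not evaluate them again on bridge0
#   ifconfig bridge0 create
#   ifconfig bridge0 addm em0 addm em1 up
#   ifconfig em2 inet 192.0.2.2/24         # management only (documentation range)

wan_if    = "em0"
inside_if = "em1"
mgmt_if   = "em2"
mgmt_net  = "192.0.2.0/24"
published = "198.51.100.10"               # placeholder host reachable from outside

set skip on lo0

# Default deny everywhere, logged so the bridge is easy to debug with tcpdump on pflog0.
block log all

# Management plane: only from the management network, only to the firewall itself.
pass in  quick on $mgmt_if proto tcp from $mgmt_net to ($mgmt_if) port { 22, 443 } keep state
pass out quick on $mgmt_if to $mgmt_net keep state

# Bridged traffic is filtered on the member interfaces. "in on em1" is traffic
# arriving from the protected side, "in on em0" is traffic arriving from the
# untrusted side. There is no NAT and no address on em0/em1; the first packet
# creates a state and the reply is matched by that state on the other member.
pass in  quick on $inside_if proto { tcp, udp, icmp } from any to any keep state
pass out quick on $wan_if keep state

# The untrusted side may only reach what is explicitly published.
pass in  quick on $wan_if proto tcp from any to $published port { 80, 443 } keep state
pass out quick on $inside_if keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`. With pf's default floating state policy, the state created when a packet enters on one member also matches it when it leaves on the other, which is why return traffic crosses the bridge without NAT and without the firewall owning any address on em0 or em1; if you set `state-policy if-bound`, you need matching pass rules in both directions on both members.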
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.