Netgate Discussion Forum

    Transparent Bridge Question

    Routing and Multi WAN
      tylerdurden81

      OK, I set up a LAN/WAN bridge. I have been working on this for a while and testing everything. When I tested it, I could assign a public IP to a server and do traffic shaping rules, etc. By default it seemed to let everything through on the IP unless I set a rule up to block it. This is perfect for what I need. Well, this seems to go against everything I have read on this forum. Well, I finally put this machine into production and, lo and behold, the exact opposite happened: every port was blocked by default. So my question is, how can I allow all traffic to pass to the public IPs behind pfSense? For instance, if I have two IPs, 1.1.1.2 and 1.1.1.3, how can they both use port 80?

        tylerdurden81

        Just to update: I rebooted the server and now it is working how it was before in the lab. No ports are blocked unless I put a rule in to block them (which is what I want). Seems to have a mind of its own!!

          cmb

          There can be differing behavior with bridging depending on what IPs you have assigned where and what systems are using as their default gateway (which should be the upstream router, never pfSense itself when bridging). Systems get filtered on the interface where their MAC resides in the ARP table, where you have an IP in that subnet locally assigned, so if WAN is on the same subnet as the hosts behind the bridge, then WAN rules may apply rather than the inside interface's rules for their egress traffic.

            tylerdurden81

            OK, that makes sense. I was applying the rules to the bridge interface itself. The WAN and the servers behind the firewall connect to the same gateway. So I want to be clear: by default all inbound traffic is blocked, just like NAT? If that is the case, how can I open the same ports to different IPs? For instance, if I have a web server on 99.98.99.45 and on 99.98.99.44, how can I pass port 80 to both?
