Netgate Discussion Forum

    Transparent / Bridge mode with filtering

      ttanemori3

      Hello. I searched the forum to understand how to enable a transparent firewall. I have a couple of servers which need a global static IP.

      I gathered the information below; is it all OK? It explains how to make a bridge between WAN and LAN.

      1. Fresh Install
          WAN:  Add your IP address, subnet and gateway. (To access WebGUI)
          LAN:  Set IP Address to "None" (You're only using this as a bridge member interface)
      2. Interface --> Assign --> Bridges
          - Create a new bridge
            BRIDGE0 (LAN,WAN)
      3. Interface --> Assign
          - Create a new interface and assign the bridge
            New Interface --> Bridge (BRIDGE0)
      4. Enable and set IP to Bridge New interface
      5. Create a rule on BRIDGE and LAN [ UDP 0.0.0.0 68 255.255.255.255 67 ]
      6. Create a rule on LAN [Any LAN Subnet *  * *]
      7. Set IP Address of WAN to "NONE"
      8. Set under System->Advanced->Tunables
          net.link.bridge.pfil_member = 0
          net.link.bridge.pfil_bridge = 1

      Basically, WAN and LAN should not have an IP address, but the bridge interface should, correct?

      Honestly speaking, I do not understand step #5 and #6. Are they necessary like that?

      My server has more LAN interfaces and one DMZ. If I perform the above, will it affect any existing configuration?

      I think documentation of transparent firewall is important. For example, I use WHM/cPanel as a web server, which does not work under NAT.

      Can anybody verify my information above?

      Thank you very much.

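An added example, not part of the original posts: a Python check that compares `ifconfig` and `sysctl` output against the layout in steps 1-8 of the post above (the bridge holds the IP, its members hold none, tunables as in step 8). The interface names em0 and em1, the addresses and the sample output are constructed for illustration.

```python
import re

# Constructed sample output in FreeBSD ifconfig/sysctl format. em0, em1 and the
# documentation-range addresses are assumptions, not values from the thread.
IFCONFIG = """\
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 203.0.113.2 netmask 0xffffff00 broadcast 203.0.113.255
\tmember: em1 flags=143<LEARNING,DISCOVER,AUTOMEMBER>
\tmember: em0 flags=143<LEARNING,DISCOVER,AUTOMEMBER>
"""
SYSCTL = "net.link.bridge.pfil_member: 1\nnet.link.bridge.pfil_bridge: 1\n"
# Step 8 values: pf filters on the bridge interface, not on its members.
WANT = {"net.link.bridge.pfil_member": "0", "net.link.bridge.pfil_bridge": "1"}

def parse_ifconfig(text):
    """Return {ifname: {"inet": [addresses], "member:": [member names]}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            cur = ifaces.setdefault(head.group(1), {"inet": [], "member:": []})
        elif cur is not None:
            f = line.split()
            if len(f) >= 2 and f[0] in ("inet", "member:"):
                cur[f[0]].append(f[1])
    return ifaces

def audit(ifconfig_text, sysctl_text, bridge="bridge0"):
    """List deviations from the layout described in steps 1-8 of the post."""
    ifaces = parse_ifconfig(ifconfig_text)
    br = ifaces.get(bridge)
    if br is None:
        return [f"{bridge} does not exist"]
    findings = []
    if not br["inet"]:
        findings.append(f"{bridge} has no IP address (step 4)")
    if len(br["member:"]) < 2:
        findings.append(f"{bridge} has fewer than two members (step 2)")
    for m in br["member:"]:
        for ip in ifaces.get(m, {}).get("inet", []):
            findings.append(f"member {m} still has IP {ip} (steps 1 and 7)")
    got = dict(l.split(": ", 1) for l in sysctl_text.splitlines() if ": " in l)
    for key, val in WANT.items():
        if got.get(key) != val:
            findings.append(f"{key} is {got.get(key)}, expected {val} (step 8)")
    return findings
```

On a live system, pass the text of `ifconfig` and `sysctl net.link.bridge` to `audit()` in place of the constructed samples; an empty list means the state matches the described layout.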
        marcelloc

        Option 5 is for DHCP client requests.

        I saw some network issues when using a firewall with transparent and non-transparent interfaces.

        You must test to see if it works on your setup.

        Sometimes it is better to have two pfSense boxes for a better setup.

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

          ttanemori3

          I see. Thank you very much!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.