Transparent / Bridge mode with filtering
Hello. I searched the forum to understand how to enable a transparent firewall. I have a couple of servers which need global static IPs.
I gathered the following information; is it all OK? It explains how to make a bridge between WAN and LAN.
1. Fresh Install
WAN: Add your IP address, subnet and gateway. (To access WebGUI)
LAN: Set IP Address to "None" (You're only using this as a bridge member interface)
2. Interface --> Assign --> Bridges
- Create a new bridge
3. Interface --> Assign
- Create a new interface and assign the bridge
New Interface --> Bridge (BRIDGE0)
4. Enable and set IP to Bridge New interface
5. Create a rule on BRIDGE and LAN [ UDP 0.0.0.0 68 255.255.255.255 67 ]
6. Create a rule on LAN [Any LAN Subnet * * *]
7. Set IP Address of WAN to "NONE"
8. Set under System->Advanced->Tunables
net.link.bridge.pfil_member = 0
net.link.bridge.pfil_bridge = 1
Basically, WAN and LAN should not have an IP address, only the bridge interface should, correct?
Honestly speaking, I do not understand steps #5 and #6. Are they necessary like that?
My server has more LAN interfaces and one DMZ. If I perform the steps above, will it affect any existing configuration?
I think documentation of transparent firewall is important. For example, I use WHM/cPanel as a web server, which does not work under NAT.
Can anybody verify my information above?
Thank you very much.
marcelloc last edited by
Option 5 is for DHCP client requests.
I saw some network issues when using a firewall with transparent and non-transparent interfaces.
You must test to see if it works on your setup.
Sometimes it is better to have two pfSense boxes for a better setup.
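An added illustration of the answer above (not code from the thread or from pfSense): a simplified first-match model of the pass rules in steps 5 and 6, showing that a DHCP client request sent from 0.0.0.0 falls outside a rule whose source is the subnet. The 203.0.113.0/24 subnet, the sample packets and the `evaluate` helper are assumptions made for this example.

```python
import ipaddress

# Constructed values: the thread gives no addresses, so a documentation
# range stands in for the servers' public subnet.
SERVER_NET = ipaddress.ip_network("203.0.113.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def host(addr):
    """A single address expressed as a /32 network."""
    return ipaddress.ip_network(addr + "/32")

# (label, protocol, source net, source port, destination net, destination port)
# None means "any" for protocol and ports.
RULE_STEP5 = ("step 5: DHCP client request", "udp",
              host("0.0.0.0"), 68, host("255.255.255.255"), 67)
RULE_STEP6 = ("step 6: subnet to any", None, SERVER_NET, None, ANY, None)

def evaluate(rules, pkt):
    """First matching pass rule wins; no match falls to default deny."""
    proto, src, sport, dst, dport = pkt
    for label, r_proto, r_src, r_sport, r_dst, r_dport in rules:
        if r_proto not in (None, proto):
            continue
        if ipaddress.ip_address(src) not in r_src:
            continue
        if ipaddress.ip_address(dst) not in r_dst:
            continue
        if r_sport not in (None, sport) or r_dport not in (None, dport):
            continue
        return "pass (" + label + ")"
    return "block (default deny)"

# Constructed packets: a client with no lease yet, and a server with a static IP.
DHCP_DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)
SERVER_HTTPS = ("tcp", "203.0.113.10", 49152, "198.51.100.7", 443)

if __name__ == "__main__":
    for name, rules in (("step 6 only", [RULE_STEP6]),
                        ("steps 5 and 6", [RULE_STEP5, RULE_STEP6])):
        for pkt in (DHCP_DISCOVER, SERVER_HTTPS):
            print(name, pkt, "->", evaluate(rules, pkt))
```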
I see. Thank you very much!