Transparent / Bridge mode with filtering



  • Hello. I searched the forum to understand how to enable a transparent firewall. I have a couple of servers which need a global static IP.

    I gathered the following information; is it all OK? It explains how to make a bridge between WAN and LAN.

    1. Fresh Install
        WAN:  Add your IP address, subnet and gateway. (To access WebGUI)
        LAN:  Set IP Address to "None" (You're only using this as a bridge member interface)
    2. Interface --> Assign --> Bridges
      - Create a new bridge
          BRIDGE0 (LAN,WAN)
    3. Interface --> Assign
        - Create a new interface and assign the bridge
        New Interface --> Bridge (BRIDGE0)
    4. Enable and set IP to Bridge New interface
    5. Create a rule on BRIDGE and LAN [ UDP 0.0.0.0 68 255.255.255.255 67 ]
    6. Create a rule on LAN [Any LAN Subnet *  * *]
    7. Set IP Address of WAN to "NONE"
    8. Set under System->Advanced->Tunables
        net.link.bridge.pfil_member = 0
        net.link.bridge.pfil_bridge = 1

    Basically, WAN and LAN should not have an IP address, only the Bridge interface should, correct?

    Honestly speaking, I do not understand steps #5 and #6. Are they necessary like that?

    My server has more LAN interfaces and one DMZ. If I perform the above, will it affect any existing configuration?

    I think documentation of the transparent firewall is important. For example, I use WHM/cPanel as a web server, which does not work under NAT.

    Can anybody verify my information above?

    Thank you very much.
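
Added example, not part of the original posts: per FreeBSD if_bridge(4), `net.link.bridge.pfil_member` controls whether the packet filter runs on the bridge's member interfaces, and `net.link.bridge.pfil_bridge` whether it runs on the bridge interface itself. This script reads those two values (the sample text is constructed and the function names are hypothetical) and reports which rule tabs from the procedure above see bridged traffic.

```sh
#!/bin/sh
# Added example (not from the thread): which rule tabs filter bridged traffic?
# Tunable meanings follow FreeBSD if_bridge(4).

# Constructed sample: what
#   sysctl net.link.bridge.pfil_member net.link.bridge.pfil_bridge
# prints once step 8 has been applied.
SAMPLE_SYSCTL='net.link.bridge.pfil_member: 0
net.link.bridge.pfil_bridge: 1'

# get_tunable NAME TEXT: print NAME's value from "name: value" lines.
get_tunable() {
    printf '%s\n' "$2" | awk -F': *' -v k="$1" '$1 == k { print $2; exit }'
}

# rule_state ROLE TEXT: ROLE is "member" (LAN/WAN inside the bridge) or
# "bridge" (BRIDGE0 itself). Prints evaluated, skipped or unknown.
rule_state() {
    case "$1" in
        member) key=net.link.bridge.pfil_member ;;
        bridge) key=net.link.bridge.pfil_bridge ;;
        *) echo unknown; return 0 ;;
    esac
    case "$(get_tunable "$key" "$2")" in
        1) echo evaluated ;;
        0) echo skipped ;;
        *) echo unknown ;;   # tunable missing from the input: do not guess
    esac
}

# audit_rules TEXT iface:role ...: one line per interface that carries rules.
audit_rules() {
    text=$1
    shift
    for entry in "$@"; do
        echo "${entry%%:*}: $(rule_state "${entry#*:}" "$text")"
    done
}

# Interfaces from the procedure: LAN and WAN are members, BRIDGE0 is the bridge.
audit_rules "$SAMPLE_SYSCTL" LAN:member WAN:member BRIDGE0:bridge
```

With the values from step 8, LAN and WAN report `skipped` and BRIDGE0 reports `evaluated`, so rules placed only on a member tab are not applied to bridged traffic.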



  • Option 5 is for DHCP client requests.

    I saw some network issues when using a firewall with transparent and non-transparent interfaces.

    You must test to see if it works on your setup.

    Sometimes it is better to have two pfSense boxes for a better setup.



  • I see. Thank you very much!

