Is transparent gateway possible?



  • Hello,

    I have a situation where I need to provide a service over the internet, and my software vendor does not support NAT'ing the IP address of my servers (they require the servers to hold public IPs, not private IPs).  The vendor claims that because the service was intended to be middle-ware only that it should not be NAT'd (it is Sybase EA Server Anywhere Jaguar).

    My ISP has allocated me an IP block - is there a way to have my pfSense 2.0 router act as a transparent gateway so that I wouldn't have to subnet this block, or do I need to subnet this block in order to put the pfSense router in front of my servers?  What would be the best thing to do in this situation?

    Thanks,

    Todd



  • This is a job for a bridge, a filtering bridge. You bridge WAN and LAN together and write rules based on the live IPs.



  • podilarius mentioned how to do it. So the answer: yes, pfSense can do it.



  • Hi,

    OK, thanks.

    So if I place the WAN and OPT interfaces in the same bridge, this won't affect the existing traffic between WAN and LAN (and IPSEC and LAN)?

    Thanks,

    Todd



  • When I had OpenBSD (running pf) I created a bridge with 6 interfaces and used that to filter traffic between network segments. It just makes it one big filtering switch at that point.



  • @ttblum:

    My ISP has allocated me an IP block - is there a way to have my pfSense 2.0 router act as a transparent gateway

    You could route the block of public IPs after disabling automatic NAT (Firewall > NAT, outbound tab, switch to manual and delete the auto-created rules for that interface)



  • Hi,

    I am trying podilarius' suggestion first.  I bridged OPT1 with WAN1, but now the interface status for both WAN1 and OPT1 is 'Learning':

    Bridge (bridge0) learning

    And on my switch, the switchport that OPT1 is connected to is in STP state 'Learning' (the switch port WAN1 is in is fortunately 'Forwarding').

    The pfSense is logging over and over again:

    Nov 8 16:48:35 php: : Hotplug event detected for opt1 but ignoring since interface is configured with static IP ()
    Nov 8 21:48:32 check_reload_status: Linkup starting vr2
    Nov 8 16:48:32 kernel: vr2: link state changed to UP
    Nov 8 16:48:29 php: : The command '/sbin/ifconfig bridge0 addm vr2' returned exit code '1', the output was 'ifconfig: BRDGADD vr2: File exists'
    Nov 8 21:48:29 check_reload_status: Linkup starting vr2
    Nov 8 16:48:29 kernel: vr2: link state changed to DOWN
    Nov 8 21:48:23 check_reload_status: Configuring interface opt1
    Nov 8 16:48:23 php: : rc.newwanip: Failed to update opt1 IP, restarting…
    Nov 8 16:48:23 php: : rc.newwanip: on (IP address: ) (interface: opt1) (real interface: vr2).
    Nov 8 16:48:23 php: : rc.newwanip: Informational is starting vr2.
    Nov 8 21:48:17 check_reload_status: rc.newwanip starting vr2
    Nov 8 16:48:17 php: : Hotplug event detected for opt1 but ignoring since interface is configured with static IP ()
    Nov 8 16:48:13 php: : Hotplug event detected for opt1 but ignoring since interface is configured with static IP ()
    Nov 8 21:48:11 check_reload_status: Linkup starting vr2
    Nov 8 16:48:11 kernel: vr2: link state changed to UP

    I've already tried reseating the port, does this change require a reboot?

    By the way, is there an option to schedule a reboot or a firmware upgrade (I am running version 2.0-RC3 (i386) built on Thu Sep 1 11:43:03 EDT 2011)?

    Thanks,

    Todd
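Added example (not from the thread or from pfSense itself): a small POSIX shell helper for FreeBSD-style `ifconfig` output, the platform pfSense runs on, that checks bridge membership before issuing `addm`, the step the log above shows failing with 'BRDGADD vr2: File exists' each time the link flaps. The bridge and interface names and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Idempotent bridge membership helper for FreeBSD-style ifconfig (assumed names:
# bridge0 with members vr1/vr2). pfSense's hotplug handler re-ran
# '/sbin/ifconfig bridge0 addm vr2' on every link-up, and if_bridge answers
# "BRDGADD vr2: File exists" when the port is already a member.

# Constructed sample of 'ifconfig bridge0' output used for offline testing.
SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:00:00:00:00:01
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vr2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 55
        member: vr1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 55'

# bridge_has_member NAME: read 'ifconfig <bridge>' output on stdin and exit 0
# if NAME appears on a "member:" line, 1 otherwise.
bridge_has_member() {
    awk -v m="$1" '$1 == "member:" && $2 == m { found = 1 }
                   END { exit found ? 0 : 1 }'
}

# ensure_member BRIDGE NAME: add NAME to BRIDGE only when it is not already a
# member, so repeated hotplug events do not produce the "File exists" error.
# Prints "skip" or "added" so a caller (or log) can see what happened.
ensure_member() {
    br="$1"; member="$2"
    if ifconfig "$br" 2>/dev/null | bridge_has_member "$member"; then
        echo "skip"
    else
        ifconfig "$br" addm "$member" && echo "added"
    fi
}

# Example run against the constructed sample (no real interfaces touched):
printf '%s\n' "$SAMPLE_IFCONFIG" | bridge_has_member vr2 && echo "vr2 is already a member"
```

Note that `bridge_has_member` only parses text, so it can be exercised against saved ifconfig output; `ensure_member` is the piece that would actually call `ifconfig addm` on a FreeBSD host.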



  • Hi,

    I have three interfaces: WAN holds a public IP and hosts production VPN tunnels for servers on the LAN.  I also have an unused OPT interface.

    Is it possible to bridge the OPT interface to the WAN interface without losing the existing functionality on the WAN interface and the VPN tunnels?  When I last tried this, my whole datacenter went down due to (I believe) switching issues.  Would it be better if I had another public-facing interface on the pfSense router to bridge to, or another router?

    Thanks,

    Todd

