Netgate Discussion Forum

    Transparent firewall, cannot access WebGUI/SSH from WAN

    Firewalling
    1 Posts 1 Posters 1.9k Views
      Apple_Eater

      Hello all,
      I am currently trying to set up a transparent firewall using PFSense. Basically I am going to run a virtualized PFSense install on a XenServer box which will be used to firewall all the virtual machines from the internet.

      So:

      Internet ---> PFSense WAN (physical interface on server) ---> PFSense LAN (virtual interface, connected through virtual switch) ---> All VM interfaces

      I have been able to get this working to a degree, but I am having trouble with accessing the WebGUI from the Internet (or my preferred method of being able to access SSH from the internet).

      Here are some relevant log entries:

      BLOCKED Nov 6 04:21:24 lo0    192.168.1.226:80    192.168.1.111:39237    TCP:SA
      BLOCKED Nov 6 04:21:32 lo0    192.168.1.226:22    192.168.1.111:43232    TCP:SA

      In this snippet, 192.168.1.226 is the address of OPT1, which is an interface assigned to BRIDGE0, which is a bridge between WAN and LAN. 192.168.1.111 is a computer living on the WAN side attempting to access SSH/webGUI. I was not sure if I needed to assign BRIDGE0 to an interface or not, but it doesn't appear to work either way. Also, why does the WebGUI/SSH traffic originate from lo0? Do I need to set up NAT or something for this?

      Also, since this is a testing setup, I have rules to allow all traffic on LAN, WAN, and OPT1.

      Any suggestions?

      Version:
      2.0-RELEASE(amd64)
      built on Tue Sep 13 17:05:32 EDT 2011

      Interfaces:
      WAN - 192.168.1.225
      LAN - 10.0.0.1
      OPT1 - 192.168.1.226
      The WAN network is 192.168.1.0/24 and the LAN was created solely for testing purposes.

      EDIT: Forgot to include that I changed the following "Tunables" based on what I've read about a transparent firewall:
      net.link.bridge.pfil_member 0
      net.link.bridge.pfil_bridge 1

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.