Transparent firewall, cannot access WebGUI/SSH from WAN



    Hello all,
    I am currently trying to set up a transparent firewall using PFSense. Basically I am going to run a virtualized PFSense install on a XenServer box which will be used to firewall all the virtual machines from the internet.

    So:

    Internet----->PFSense WAN (physical interface on server)----->PFSense LAN (virtual interface, connected through virtual switch)----->All VM interfaces

    I have been able to get this working to a degree, but I am having trouble accessing the WebGUI from the Internet (or my preferred method, being able to access SSH from the internet).

    Here are some relevant log entries:

    BLOCKED Nov 6 04:21:24 lo0    192.168.1.226:80    192.168.1.111:39237    TCP:SA
    BLOCKED Nov 6 04:21:32 lo0    192.168.1.226:22    192.168.1.111:43232    TCP:SA

    In this snippet, 192.168.1.226 is the address of OPT1, which is an interface assigned to BRIDGE0, which is a bridge between WAN and LAN. 192.168.1.111 is a computer living on the WAN side attempting to access SSH/webGUI. I was not sure if I needed to assign BRIDGE0 to an interface or not, but it doesn't appear to work either way. Also, why does the WebGUI/SSH traffic originate from lo0? Do I need to set up NAT or something for this?

    Also, since this is a testing setup, I have rules to allow all traffic on LAN, WAN, and OPT1.

    Any suggestions?

    Version:
    2.0-RELEASE(amd64)
    built on Tue Sep 13 17:05:32 EDT 2011

    Interfaces:
    WAN - 192.168.1.225
    LAN - 10.0.0.1
    OPT1 - 192.168.1.226
    The WAN network is 192.168.1.0/24 and the LAN was created solely for testing purposes.

    EDIT: Forgot to include that I changed the following "Tunables" based on what I've read about a transparent firewall:
    net.link.bridge.pfil_member 0
    net.link.bridge.pfil_bridge 1


Locked
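As an added example (not the poster's code and not part of pfSense), the following Python parses the compact filter-log lines quoted in the post and reads the TCP flag field to say which side of the handshake was dropped. The two "TCP:SA" entries are SYN-ACKs, i.e. the firewall's own replies to the WAN client, and the source is a firewall-owned address seen on lo0, so the diagnosis is "own reply dropped" rather than a rejected inbound request. The log layout is assumed from the two lines on the page; the third sample line (interface name em0, port 51000) is constructed, not taken from the post.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Compact filter-log layout as it appears in the post:
#   ACTION Mon D HH:MM:SS iface src:port dst:port PROTO:FLAGS
# Assumption: the field order is stable; only IPv4 with TCP/UDP is handled.
LOG_RE = re.compile(
    r"^(?P<action>[A-Z]+)\s+"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<iface>\S+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+"
    r"(?P<proto>[A-Z]+)(?::(?P<flags>[A-Z]+))?$"
)

# pf-style single-letter TCP flags
TCP_FLAGS = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}


@dataclass
class Entry:
    action: str
    ts: str
    iface: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    flags: str  # raw flag letters, e.g. "SA"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that do not match the layout."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        action=m["action"], ts=m["ts"], iface=m["iface"],
        src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]),
        proto=m["proto"], flags=m["flags"] or "",
    )


def flag_names(flags: str) -> List[str]:
    return [TCP_FLAGS.get(c, c) for c in flags]


def classify(e: Entry, firewall_addrs: Set[str]) -> str:
    """Diagnose a blocked entry from the direction of the TCP handshake."""
    if e.action != "BLOCKED":
        return "passed"
    if e.proto == "TCP":
        flags = set(e.flags)
        # SYN+ACK is the second handshake step: it is the reply to a SYN.
        if flags == {"S", "A"} and e.src in firewall_addrs:
            # The firewall is dropping its own response (seen on lo0 in the
            # post), so the request got in but the answer never went out.
            return "own reply dropped"
        if flags == {"S"}:
            return "inbound attempt dropped"
    return "other drop"


def analyse(lines: List[str], firewall_addrs: Set[str]) -> List[Tuple[str, str, str, str]]:
    """Return (iface, flow, flags, diagnosis) for every parseable line."""
    results = []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        flow = f"{e.src}:{e.sport}->{e.dst}:{e.dport}"
        results.append((e.iface, flow, "+".join(flag_names(e.flags)), classify(e, firewall_addrs)))
    return results


# The two entries from the post, one constructed inbound SYN on WAN, and one
# non-matching line to show the parser skipping it.
SAMPLE_LOG = [
    "BLOCKED Nov 6 04:21:24 lo0    192.168.1.226:80    192.168.1.111:39237    TCP:SA",
    "BLOCKED Nov 6 04:21:32 lo0    192.168.1.226:22    192.168.1.111:43232    TCP:SA",
    "BLOCKED Nov 6 04:22:01 em0    192.168.1.111:51000    192.168.1.226:22    TCP:S",  # constructed
    "this line is not a filter log entry",
]

# Addresses the post lists for WAN, LAN and OPT1.
FIREWALL_ADDRS = {"192.168.1.225", "10.0.0.1", "192.168.1.226"}

if __name__ == "__main__":
    for row in analyse(SAMPLE_LOG, FIREWALL_ADDRS):
        print(*row)
```

Reading the flag field this way separates two very different failure modes that look alike in a block log: a dropped SYN means the inbound rule set rejected the client, while a dropped SYN-ACK from the firewall's own address means the request was accepted and the reply is what is being filtered, which points at the loopback/bridge filtering path rather than the WAN rules.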