Netgate Discussion Forum

Transparent firewall, cannot access WebGUI/SSH from WAN

    Apple_Eater
    last edited by Nov 6, 2011, 4:34 AM Nov 6, 2011, 4:30 AM

    Hello all,
    I am currently trying to set up a transparent firewall using pfSense. Basically I am going to run a virtualized pfSense install on a XenServer box which will be used to firewall all the virtual machines from the internet.

    So:

    Internet ----> pfSense WAN (physical interface on server) ----> pfSense LAN (virtual interface, connected thru virtual switch) ----> All VM interfaces

    I have been able to get this working to a degree, but I am having trouble with accessing the WebGUI from the Internet (or my preferred method of being able to access SSH from the internet).

    Here are some relevant log entries:

    BLOCKED Nov 6 04:21:24 lo0    192.168.1.226:80    192.168.1.111:39237    TCP:SA
    
    BLOCKED Nov 6 04:21:32 lo0    192.168.1.226:22    192.168.1.111:43232    TCP:SA
    

    In this snippet, 192.168.1.226 is the address of OPT1, which is an interface assigned to BRIDGE0, which is a bridge between WAN and LAN. 192.168.1.111 is a computer living on the WAN side attempting to access SSH/WebGUI. I was not sure if I needed to assign BRIDGE0 to an interface or not, but it doesn't appear to work either way. Also, why does the WebGUI/SSH traffic originate from lo0? Do I need to set up NAT or something for this?

    Also, since this is a testing setup, I have rules to allow all traffic on LAN, WAN, and OPT1.

    Any suggestions?

    Version:
    2.0-RELEASE(amd64)
    built on Tue Sep 13 17:05:32 EDT 2011

    Interfaces:
    WAN - 192.168.1.225
    LAN - 10.0.0.1
    OPT1 - 192.168.1.226
    The WAN network is 192.168.1.0/24 and the LAN was created solely for testing purposes.

    EDIT: Forgot to include that I changed the following "Tunables" based on what I've read about a transparent firewall:
    net.link.bridge.pfil_member 0
    net.link.bridge.pfil_bridge 1
