Transparent firewall, cannot access WebGUI/SSH from WAN

  • Hello all,
    I am currently trying to set up a transparent firewall using pfSense. Basically I am going to run a virtualized pfSense install on a XenServer box which will be used to firewall all the virtual machines from the internet.


    Internet ----> pfSense WAN (physical interface on server) ----> pfSense LAN (virtual interface, connected through virtual switch) ----> All VM interfaces

    I have been able to get this working to a degree, but I am having trouble with accessing the WebGUI from the Internet (or my preferred method of being able to access SSH from the internet).

    Here are some relevant log entries:

    BLOCKED Nov 6 04:21:24 lo0    TCP:SA
    BLOCKED Nov 6 04:21:32 lo0    TCP:SA

    In this snippet, is the address of OPT1, which is an interface assigned to BRIDGE0, which is a bridge between WAN and LAN. is a computer living on the WAN side attempting to access SSH/WebGUI. I was not sure if I needed to assign BRIDGE0 to an interface or not, but it doesn't appear to work either way. Also, why does the WebGUI/SSH traffic originate from lo0? Do I need to set up NAT or something for this?

    Also, since this is a testing setup, I have rules to allow all traffic on LAN, WAN, and OPT1.

    Any suggestions?

    built on Tue Sep 13 17:05:32 EDT 2011

    WAN -
    LAN -
    OPT1 -
    The WAN network is and the LAN was created solely for testing purposes.

    EDIT: Forgot to include that I changed the following "Tunables" based on what I've read about a transparent firewall: 0 1

