Transparent mode not working



  • Hi Group

    I have pfsense box 2.0 RC1 with 2 NICS and trying to put it into transparent mode but I'm unable to do it. I've been reading the following resources

    http://forum.pfsense.org/index.php/topic,42412.0.html
    http://pfsense.trendchiller.com/transparent_firewall.pdf
    http://ricondefreebsd.blogspot.com/2007/04/pfsensebridge-y-no-morir-en-el-intento.html

    And all are out-of-date due to version 1.2.3 (except for the first one).

    I make the following steps:

    1- set WAN IP address statically
    2- set LAN ip address to "none"
    3- create a new bridge interface (LAN, WAN)
    4- set WAN IP address to "none"
    5- configure pfsense to bridge (advanced tunnables)

    But I got offline  :(

    Also I've been turned off NAT, erased the NAT rules.

    What am I doing wrong?

    Thanks in advance



  • I'm actually having a similar problem with transparent mode and haven't received any responses, but I made it a little further than you

    Hosts on the lan side of my box were able to reach out and I believe things went the other way as well, my only issue was that I was unable to access the WebGUI/SSH from the WAN side.

    One difference I noticed in our procedures is rather than erasing the NAT rules, I checked the "Do not NAT" box within each ruleset configuration. Not sure if that is what you did, but that's one difference I noticed.

    I also did not set the Wan IP to "none".

    You also may want to try setting up the bridge as an actual interface (add an interface in the assignment screen) i.e. OPT1 -> BRIDGE0 or similar, and then try applying rules to that interface. Also watch your system firewall logs to see what rules, if anything, are preventing your traffic from flowing.

    Unfortunately since I haven't completely gotten it working myself, I can't be of much more help. It took me a while to get it to pass traffic, but accessing WebGUI/SSH from WAN seems to be impossible.



  • I am using pfSense as a transparent firewall for public IPs.

    Some words about the configuration:
    WAN is configured as normal - static
    LAN has no IP
    OPT1 is for management purposes - static with dhcp server

    I assigned a bridge between LAN and WAN, no further options.
    No modifications with tunables.
    Firewall: LAN and OPT1 are allowed to go everywhere, WAN is restricted to some ports.

    The pfSense web interface is reachable from the internet.
    Maybe your step 4 is wrong.

    Are you using VMware? (needs some additional config in VMware vSwitch)
    Have you rebooted after setting up the bridge?



  • Hi Group

    Thanks filnko. Is working now.

    I just used in my pfsense box and is working very well with 1024k/512k cable modem. http://forum.pfsense.org/index.php/topic,42003.0.html

    I did all the steps but OPT1 without dhcp server.I  wasn't usign VMware at all.

    Let me ask you if is there some backdraws in case we do not set tunnables for transparent mode? Is very rare that all howtos say we have to do it and apparently works pretty well without it.

    Thanks in advance.



  • Great to hear that.

    I have no clue about the tunnables - just tried it and it works perfect for protecting webservers over 3 month at 1-2gb traffic per day now.


Log in to reply