Netgate Discussion Forum

    Transparent mode not working

      cabo81

      Hi Group

      I have a pfSense 2.0 RC1 box with 2 NICs and am trying to put it into transparent mode, but I'm unable to do it. I've been reading the following resources:

      http://forum.pfsense.org/index.php/topic,42412.0.html
      http://pfsense.trendchiller.com/transparent_firewall.pdf
      http://ricondefreebsd.blogspot.com/2007/04/pfsensebridge-y-no-morir-en-el-intento.html

      And all are out-of-date due to version 1.2.3 (except for the first one).

      I took the following steps:

      1- set WAN IP address statically
      2- set LAN IP address to "none"
      3- create a new bridge interface (LAN, WAN)
      4- set WAN IP address to "none"
      5- configure pfSense to bridge (advanced tunables)

      But I went offline :(

      Also, I've turned off NAT and erased the NAT rules.

      What am I doing wrong?

      Thanks in advance

        Apple_Eater

        I'm actually having a similar problem with transparent mode and haven't received any responses, but I made it a little further than you.

        Hosts on the LAN side of my box were able to reach out and I believe things went the other way as well; my only issue was that I was unable to access the WebGUI/SSH from the WAN side.

        One difference I noticed in our procedures is rather than erasing the NAT rules, I checked the "Do not NAT" box within each ruleset configuration. Not sure if that is what you did, but that's one difference I noticed.

        I also did not set the WAN IP to "none".

        You also may want to try setting up the bridge as an actual interface (add an interface in the assignment screen), i.e. OPT1 -> BRIDGE0 or similar, and then try applying rules to that interface. Also watch your system firewall logs to see which rules, if any, are preventing your traffic from flowing.

        Unfortunately since I haven't completely gotten it working myself, I can't be of much more help. It took me a while to get it to pass traffic, but accessing WebGUI/SSH from WAN seems to be impossible.

          filnko

          I am using pfSense as a transparent firewall for public IPs.

          Some words about the configuration:
          WAN is configured as normal - static
          LAN has no IP
          OPT1 is for management purposes - static with DHCP server

          I assigned a bridge between LAN and WAN, no further options.
          No modifications with tunables.
          Firewall: LAN and OPT1 are allowed to go everywhere, WAN is restricted to some ports.

          The pfSense web interface is reachable from the internet.
          Maybe your step 4 is wrong.

          Are you using VMware? (needs some additional config in VMware vSwitch)
          Have you rebooted after setting up the bridge?

            cabo81

            Hi Group

            Thanks filnko. It is working now.

            I just used it in my pfSense box and it is working very well with a 1024k/512k cable modem. http://forum.pfsense.org/index.php/topic,42003.0.html

            I did all the steps, but with OPT1 without a DHCP server. I wasn't using VMware at all.

            Let me ask you: are there any drawbacks if we do not set the tunables for transparent mode? It is very strange that all the howtos say we have to do it, and apparently it works pretty well without it.

            Thanks in advance.

              filnko

              Great to hear that.

              I have no clue about the tunables - just tried it and it works perfectly for protecting webservers, for over 3 months at 1-2gb traffic per day now.
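
The thread mentions bridge tunables and putting rules on an assigned bridge interface without naming the settings involved. The script below is an added example, not from any poster in this thread: assuming the tunables in question are FreeBSD's `net.link.bridge.pfil_member` and `net.link.bridge.pfil_bridge` sysctls, it reports whether firewall rules are evaluated on the member interfaces, on the bridge interface, on both, or on neither. The sample inputs, the names `bridge0`, `em0` and `em1`, and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Audits where pf sees traffic crossing a FreeBSD/pfSense bridge.
# On the firewall itself, feed it live data:
#   bridge_audit "$(sysctl net.link.bridge)" "$(ifconfig bridge0)"

# Constructed sample inputs (not captured from any system in the thread).
SAMPLE_SYSCTL='net.link.bridge.pfil_onlyip: 0
net.link.bridge.pfil_bridge: 0
net.link.bridge.pfil_member: 1'
SAMPLE_IFCONFIG='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: em1 flags=143<LEARNING,DISCOVER,AUTOMEMBER,AUTOPTP>
        member: em0 flags=143<LEARNING,DISCOVER,AUTOMEMBER,AUTOPTP>'

# Value of one sysctl key in "name: value" text, or "unset" if absent.
sysctl_value() {
    printf '%s\n' "$1" | awk -v key="$2" -F': *' \
        '$1 == key { v = $2 } END { print (v == "" ? "unset" : v) }'
}

# Member NICs listed in `ifconfig bridgeN` output, space separated.
bridge_members() {
    printf '%s\n' "$1" | awk '$1 == "member:" { printf "%s%s", sep, $2; sep = " " }'
}

# Where firewall rules are evaluated for bridged packets.
bridge_filter_point() {
    member=$(sysctl_value "$1" net.link.bridge.pfil_member)
    bridge=$(sysctl_value "$1" net.link.bridge.pfil_bridge)
    case "$member/$bridge" in
        1/0) echo members ;;   # rules on the member interfaces (e.g. WAN, LAN) apply
        0/1) echo bridge ;;    # only rules on the assigned bridge interface apply
        1/1) echo both ;;      # rules on members and on the bridge interface apply
        0/0) echo none ;;      # bridged packets are not handed to pf: fail-open
        *)   echo unknown ;;
    esac
}

# Print a short report; non-zero exit if bridged traffic is unfiltered or unknown.
bridge_audit() {
    point=$(bridge_filter_point "$1")
    echo "members: $(bridge_members "$2")"
    echo "filtering: $point"
    [ "$point" != none ] && [ "$point" != unknown ]
}
```

A result of `members` means rules placed only on an assigned bridge interface are not evaluated for bridged traffic, and `none` means the bridge forwards packets without the firewall inspecting them.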
