PFSENSE in Transparent BRIDGED mode



  • Hello everybody,
    we have been using pfSense in my company since 2008. We have configured some pfSense boxes as office firewalls; right now we are going to use a pfSense box for another, completely different task, and we need your help to take the right path.

    We rent 10U of rack space at our ISP; they gave us 40Mb symmetric Internet access with 20 public IPs. We also have, in the same location, some space on a tower where we have several Ubiquiti radio antennas.
    This wireless network will allow us to bring the Internet to different stores we have in the city, without using any network other than ours.
    On the remote side we are going to have a pfSense box, used as a firewall and acquiring a public IP from the 20 we are going to have with our ISP.

    At our ISP location we are going to leave a pfSense box, to use it as a transparent bridged device to perform different tasks:
    • Join the Ubiquiti network with the Internet.
    • Allow IPsec VPN from our headquarters.
    • Allow access to the entire Ubiquiti network for maintenance.
    • Monitor the Internet bandwidth of each remote point.
    • Monitor the network using our Nagios server in the head office.
    • We need to disable NAT and firewalling on this pfSense.

    We are thinking of configuring this pfSense as a bridged transparent device.
    • Configure a WAN interface with ONE of the public IPs, to allow access from the Internet and to the Internet.
    • Bridge this WAN with the other 7 Ethernet interfaces we have.
    • Create 2 VLANs allowed in the bridge:
    ∘ VLAN1: public IP network given by the ISP
    ∘ VLAN2: private network for Ubiquiti maintenance.

    Are we on the right track to configure this pfSense?
    I am attaching a PDF with a network diagram.

    Thanks for your help.



  • Excuse me, can someone help us or discuss our configuration?

    Thanks for your help.



  • Do you really need public IPs at the end-point / stores ?

    It seems that you're heading towards a fully-bridged setup incl. wireless P2P bridges. What types of traffic will you be passing ?



  • Yes, the remote points are independent entities that need a public IP and free Internet access like we could have with another ISP.
    The traffic between the remote points and the Internet will be VoIP and HTTP, and we will have monitoring traffic from the headquarters to each antenna.

    Thanks for your help

    Regards



  • You show 3 towers at your pfsense site in your graphic.  Are these point to point links?  Or is there a single point of entry??



  • These are point-to-point links.
    I don't want the pfSense joining the networks to do any firewalling or NAT.
    Do I need to configure this box as a transparent firewall, filtering bridge?



  • Do you think I could configure a bridged transparent firewall to achieve my goals?



  • @danisam:

    Do you think I could configure a bridged transparent firewall to achieve my goals?

    Absolutely.

    http://forum.pfsense.org/index.php/topic,42318.0.html

    I've not done a bridge setup with more than an in and an out interface, but it seems like it should be straightforward… VLANs to a switch, then to the individual customers...

    Most of the stuff we use (Proxim Tsunami) has separate maintenance ports. I don't know about yours... But you should be able to run both subnets (customer and maintenance) to the same physical port on the wireless... You will have to share your progress...

    Firewall rules apply from each interface to the "cloud"...  Through the box...  however you want to phrase that.



  • Thank you very much, I am working on my lab tests now and I will post my results.

