Noob with Setup Question

  • Hello. I just VERY recently got a Firebox X550e for next to nothing, and got pfSense running on it (after 8 hours of dealing with serial issues) and love the thing, but want to know if something is possible. I currently have 2 interfaces, LAN and WAN. Right now the device literally acts as just a router. What I want to set up is a MAC table, so if a device on the LAN has a specific MAC address, the pfSense box will then bridge its connection to the WAN and route it through. This would mean that device would literally bypass the router altogether. I was looking at VLANs, but I honestly have no clue how to set this up. I'm not new to Linux, but am 100% new to BSD distros (used to Debian, Ubuntu, Fedora, CentOS, etc.). So can anyone guide me in the right direction? Here's an image of what I'd like to get set up.

    Also, my WAN and LAN DO have separate subnets. I could just bridge the WAN and LAN ports (as my modem has DHCP disabled), but for security I don't want that.

  • LAYER 8 Global Moderator

    And your ISP will give you multiple public IPs? Unless you have more than 1 public IP on the WAN, what you're asking is impossible.

    If you do have more than 1 public IP from your ISP, you could always just place a switch between the pfSense box and the modem from your ISP. And devices you want to be directly connected to the public just connect to that switch.

    Another option, if you have more than 1 public IP, is to set up the other public IPs on the WAN of the pfSense as virtual IPs, and then set up 1:1 NAT to the devices on the inside. This is practically the same as directly connecting to the public or bridging them to the public net.

  • First off, I have 13 static IPs in a block, so I have the addresses to do it. Also, the switch thing is currently what I have set up. I have a switch in between the modem and Firebox, and the servers currently run off the switch. Only thing is that with it wired like that, each server needs 2 interfaces: one for LAN, one for WAN. Also, if I set them up as virtual IPs, can I set it up to work with the MAC addressing, so it limits a select IP to a select MAC address only? Thanks

  • LAYER 8 Global Moderator

    Great, so you have the public IPs. I wonder why you need to put them directly connected to the public net, to be honest.

    Why not just forward your public IPs' specific traffic to servers on the private side, to whatever service ports they are hosting? You can quite easily make use of multiple public IPs to point to multiple servers behind the NAT, etc.

    I am curious why you feel they need to be fully exposed via a bridged type setup?
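    The two options the moderator describes above (virtual IPs on WAN with 1:1 NAT, and per-port forwarding of a public IP to an inside server) are both ordinary pf translation rules underneath pfSense's web UI. The fragment below is an added example written for this thread, not pfSense's own generated ruleset or anything the poster supplied; the interface names, the RFC 5737 public addresses and the inside addresses are constructed for illustration. It shows one public IP mapped 1:1 to a web server and a second public IP with only two ports forwarded to a mail server, with filter rules that still restrict what reaches either host.

```pf
# pf.conf fragment (FreeBSD / pfSense pf syntax), constructed example.
# Interface and address names are assumptions, not values from the thread.
ext_if   = "em0"            # WAN
int_if   = "em1"            # LAN
pub_web  = "203.0.113.11"   # extra public IP, added as an IP Alias VIP on WAN
pub_mail = "203.0.113.12"   # extra public IP, added as an IP Alias VIP on WAN
srv_web  = "192.168.1.11"   # inside web server
srv_mail = "192.168.1.12"   # inside mail server

# The virtual IPs must actually exist on the WAN interface before pf can
# translate to them. pfSense does this for an "IP Alias" VIP; on plain
# FreeBSD the equivalent is:
#   ifconfig em0 alias 203.0.113.11 netmask 255.255.255.255
#   ifconfig em0 alias 203.0.113.12 netmask 255.255.255.255

# Option 1 (1:1 NAT): bidirectional mapping, every port of pub_web
# corresponds to srv_web. This is what pfSense's "1:1" NAT tab produces.
binat on $ext_if from $srv_web to any -> $pub_web

# Option 2 (port forward): only SMTP and IMAPS on pub_mail reach srv_mail;
# all other ports on that public IP are never translated at all.
rdr on $ext_if proto tcp from any to $pub_mail port { 25, 993 } -> $srv_mail

# Translation rules above are evaluated first; the filter rules below then
# see the *translated* (inside) destination, so the 1:1 mapping is still
# subject to filtering and does not have to expose every port on srv_web.
block in on $ext_if
pass in on $ext_if proto tcp from any to $srv_web  port { 80, 443 } flags S/SA keep state
pass in on $ext_if proto tcp from any to $srv_mail port { 25, 993 } flags S/SA keep state
pass out on $ext_if keep state
```

    Two points worth noting against the poster's original question. First, these rules match on IP addresses, not MAC addresses, so they do not by themselves tie a public IP to a particular LAN MAC; a device that takes over 192.168.1.11 on the LAN would inherit the mapping. Second, because pf filters after translation, 1:1 NAT is only "the same as being directly on the public net" if the filter rules allow everything; the `block in` plus explicit `pass` lines above keep the host-level exposure limited to the listed ports.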

  • Right now there are 2 main reasons. First is IPv6. My servers use a 6rd tunnel from my ISP, and when I tried the latest snapshots of pfSense, my Firebox literally crashed and burned (aka it was literally unusable). The other reason is that currently my servers all have their own firewall software, and until I learn how to properly migrate my rules into pfSense, I don't want to throw them on it (thus wanting to bridge them through it for now).

  • OK, so I've just tried to bridge LAN to WAN (by bridging the interfaces) and I am unable to ping out on a device that has a WAN IP set static. I'm guessing it's not as easy as just bridging the interfaces? Any links on what to do or how to bridge them would be appreciated.