Bridge and NAT through same interface?

  • Here's the deal: I have a pfSense connected to a LAN and all that is working fine. On the WAN port of the pfSense there is a switch that has 3 cables: 1) ISP 2) pfSense 3) Exchange server. So right now the Exchange server is on the internet without any sort of firewall and that is not something I am liking.

    The connection from the ISP is bridged, not routed.

    Is there any way the Exchange server itself can keep the current IP (i.e., ABSOLUTELY no configuration change on the Exchange server) and then I can still pass this through pfSense? I do NOT want to do any sort of NAT or 1:1 NAT if possible. I was told this should work, but I am not sure:

    1. Create a new interface in the pfSense and connect the Exchange server to that interface
    2. Bridge the current pfSense WAN and the new interface
    3. Create the relevant firewall rules.

    Actually I tried this quickly and I could not get any traffic to pass.

  • You want to do it as you described, those are the 3 steps from the firewall perspective.

  • Then I do not understand why the traffic isn't passed?

    Interfaces > Assign:
    WAN: VR1
    LAN: VLAN 3 on VR0
    OPT4: VLAN 10 on VR0

    Interfaces > Assign > Bridge

    Firewall > Rules > WAN:
    Source *
    Proto *
    Destination: Exchange IP (WAN IP + 1)

    Firewall > Rules > OPT4:
    Source *
    Proto *
    Dest *

