Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    @52 block drop log quick on bridge0 all label "USER_RULE"

    Firewalling
    2
    4
    1744
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      Vard0 last edited by

      Hi.

      I am a complete noob so please bear with me.

      I have pfSense set up with 3 interfaces:

      WAN - NONE
      LAN  - NONE
      opt1 (bridge) - 192.168.1.250/23 - Gateway 192.168.1.252/23

      My Laptop - 192.168.4.51/23 - Gateway 192.168.4.254/23

      WAN & LAN are Bridged and the bridge is assigned to opt1.

      WAN and LAN interfaces are set to none and opt1 is set to a Static IP address which I am using to access the WebGUI.  The default anti-lockout rules on the LAN interface are therefore not applicable.

      I have disabled filtering on all bridge member interfaces (net.link.bridge.pfil_member is set to 0) so all filtering is done on the bridge interface.

      I can ping the management interface from my laptop but I cannot ping the laptop from the pfsense server.  A traceroute shows all pings are trying to go out via the default gateway which I suspect is the reason for a lot of TCP:FA, TCP:PA and TCP:FPA flags in my logs files. I´ve tried adding a second gateway but this just locked me out completely.

      I cannot access the Management interface when the firewall rules are enabled and I also cannot get DNS queries to go through the firewall.

      All blocked traffic that I would like to pass is being blocked by the same rule:-  @52 block drop log quick on bridge0 all label "USER_RULE"

      Does anyone have any suggestions on how I can get traffic flowing properly through my setup?  Ideally I would like to be able to access the webconsole from both the WAN and the LAN subnets.

      Thanks

      1 Reply Last reply Reply Quote 0
      • stephenw10
        stephenw10 Netgate Administrator last edited by

        In a transparent firewall setup like this you would normally want filtering on the bridge members, wan and LAN, otherwise you're not firewalling anything.
        What firewall rules do you have in place on each interface?

        Steve

        1 Reply Last reply Reply Quote 0
        • V
          Vard0 last edited by

          Thanks Stephen.

          I managed to get it working by swithing to conservative mode.

          BTW, I am filtering on the bridge interface and it seems to be working pretty well.

          1 Reply Last reply Reply Quote 0
          • stephenw10
            stephenw10 Netgate Administrator last edited by

            Hmmm, intersecting. If you have two interfaces bridges and no filtering on the member interfaces I would expect traffic to flow freely between them. Still if its working….  ;)

            Steve

            1 Reply Last reply Reply Quote 0
            • First post
              Last post

            Products

            • Platform Overview
            • TNSR
            • pfSense
            • Appliances

            Services

            • Training
            • Professional Services

            Support

            • Subscription Plans
            • Contact Support
            • Product Lifecycle
            • Documentation

            News

            • Media Coverage
            • Press
            • Events

            Resources

            • Blog
            • FAQ
            • Find a Partner
            • Resource Library
            • Security Information

            Company

            • About Us
            • Careers
            • Partners
            • Contact Us
            • Legal
            Our Mission

            We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

            Subscribe to our Newsletter

            Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

            © 2021 Rubicon Communications, LLC | Privacy Policy