4. @52 block drop log quick on bridge0 all label "USER_RULE"

@52 block drop log quick on bridge0 all label "USER_RULE"

  • V

    Hi.

    I am a complete noob so please bear with me.

    I have pfSense set up with 3 interfaces:

    WAN - NONE
    LAN  - NONE
    opt1 (bridge) - 192.168.1.250/23 - Gateway 192.168.1.252/23

    My Laptop - 192.168.4.51/23 - Gateway 192.168.4.254/23

    WAN & LAN are Bridged and the bridge is assigned to opt1.

    WAN and LAN interfaces are set to none and opt1 is set to a Static IP address which I am using to access the WebGUI.  The default anti-lockout rules on the LAN interface are therefore not applicable.

    I have disabled filtering on all bridge member interfaces (net.link.bridge.pfil_member is set to 0) so all filtering is done on the bridge interface.

    I can ping the management interface from my laptop but I cannot ping the laptop from the pfsense server.  A traceroute shows all pings are trying to go out via the default gateway which I suspect is the reason for a lot of TCP:FA, TCP:PA and TCP:FPA flags in my logs files. I´ve tried adding a second gateway but this just locked me out completely.

    I cannot access the Management interface when the firewall rules are enabled and I also cannot get DNS queries to go through the firewall.

    All blocked traffic that I would like to pass is being blocked by the same rule:-  @52 block drop log quick on bridge0 all label "USER_RULE"

    Does anyone have any suggestions on how I can get traffic flowing properly through my setup?  Ideally I would like to be able to access the webconsole from both the WAN and the LAN subnets.

    Thanks

    0
  • Netgate Administrator

    In a transparent firewall setup like this you would normally want filtering on the bridge members, wan and LAN, otherwise you're not firewalling anything.
    What firewall rules do you have in place on each interface?

    Steve

    0
  • V

    Thanks Stephen.

    I managed to get it working by swithing to conservative mode.

    BTW, I am filtering on the bridge interface and it seems to be working pretty well.

    0
  • Netgate Administrator

    Hmmm, intersecting. If you have two interfaces bridges and no filtering on the member interfaces I would expect traffic to flow freely between them. Still if its working….  ;)

    Steve

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy