Netgate Discussion Forum

    @52 block drop log quick on bridge0 all label "USER_RULE"

    Vard0

      Hi.

      I am a complete noob so please bear with me.

      I have pfSense set up with 3 interfaces:

      WAN - NONE
      LAN  - NONE
      opt1 (bridge) - 192.168.1.250/23 - Gateway 192.168.1.252/23

      My Laptop - 192.168.4.51/23 - Gateway 192.168.4.254/23

      WAN & LAN are Bridged and the bridge is assigned to opt1.

      WAN and LAN interfaces are set to none and opt1 is set to a Static IP address which I am using to access the WebGUI.  The default anti-lockout rules on the LAN interface are therefore not applicable.

      I have disabled filtering on all bridge member interfaces (net.link.bridge.pfil_member is set to 0) so all filtering is done on the bridge interface.

      I can ping the management interface from my laptop but I cannot ping the laptop from the pfSense server.  A traceroute shows all pings are trying to go out via the default gateway, which I suspect is the reason for a lot of TCP:FA, TCP:PA and TCP:FPA flags in my log files. I've tried adding a second gateway but this just locked me out completely.

      I cannot access the Management interface when the firewall rules are enabled and I also cannot get DNS queries to go through the firewall.

      All blocked traffic that I would like to pass is being blocked by the same rule: @52 block drop log quick on bridge0 all label "USER_RULE"

      Does anyone have any suggestions on how I can get traffic flowing properly through my setup?  Ideally I would like to be able to access the webconsole from both the WAN and the LAN subnets.

      Thanks

    stephenw10 (Netgate Administrator)

        In a transparent firewall setup like this you would normally want filtering on the bridge members, WAN and LAN, otherwise you're not firewalling anything.
        What firewall rules do you have in place on each interface?

        Steve

    Vard0

          Thanks Stephen.

          I managed to get it working by switching to conservative mode.

          BTW, I am filtering on the bridge interface and it seems to be working pretty well.

    stephenw10 (Netgate Administrator)

            Hmmm, interesting. If you have two interfaces bridged and no filtering on the member interfaces I would expect traffic to flow freely between them. Still, if it's working...  ;)

            Steve

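As an added example (not code from either poster), a small POSIX shell helper for the two checks this thread turns on: mapping a logged rule number such as `@52` back to its rule text and hit counters in a `pfctl -vvsr` dump, and reading the two `net.link.bridge` sysctls to see whether pf rules apply on the member interfaces, on the bridge, or both. The `pfctl` dump below is constructed sample input and the function names are my own.

```shell
#!/bin/sh
# Added example: trace a logged pf rule number back to its rule and counters,
# and report where bridge filtering happens on pfSense/FreeBSD if_bridge.

# Constructed, abbreviated sample of `pfctl -vvsr` output. Real output has one
# or more "[ ... ]" counter lines under each rule; only the first is used here.
SAMPLE_RULES='@50 pass in quick on bridge0 inet proto icmp from any to 192.168.1.250 label "USER_RULE"
  [ Evaluations: 1200      Packets: 40        Bytes: 3360        States: 0     ]
@51 pass in quick on bridge0 inet proto tcp from 192.168.4.0/23 to 192.168.1.250 port = 443 label "USER_RULE"
  [ Evaluations: 1160      Packets: 0         Bytes: 0           States: 0     ]
@52 block drop log quick on bridge0 all label "USER_RULE"
  [ Evaluations: 1160      Packets: 812       Bytes: 96400       States: 0     ]'

# rule_text <dump> <n>: the rule line numbered @<n> in the dump.
rule_text() {
  printf '%s\n' "$1" | grep "^@$2 "
}

# rule_packets <dump> <n>: packets matched by rule @<n>, read from the
# counter line that immediately follows the rule in the dump.
rule_packets() {
  printf '%s\n' "$1" | awk -v n="@$2" '$1 == n { getline; print $5; exit }'
}

# filter_scope <pfil_member> <pfil_bridge>: where pf evaluates rules for
# bridged traffic, from the values of net.link.bridge.pfil_member and
# net.link.bridge.pfil_bridge (pfSense ships with member=1, bridge=0).
filter_scope() {
  case "$1$2" in
    11) echo "members-and-bridge" ;;
    10) echo "members-only" ;;
    01) echo "bridge-only" ;;
    00) echo "none" ;;
    *)  echo "unknown"; return 1 ;;
  esac
}

# Stand-alone demo on the constructed dump. On a live box replace SAMPLE_RULES
# with "$(pfctl -vvsr)" and the literal sysctl values with
# "$(sysctl -n net.link.bridge.pfil_member)" / "$(sysctl -n net.link.bridge.pfil_bridge)".
rule_text "$SAMPLE_RULES" 52
echo "packets dropped by @52: $(rule_packets "$SAMPLE_RULES" 52)"
echo "filtering scope: $(filter_scope 0 1)"
```

With the poster's settings (pfil_member=0, leaving pfil_bridge=1) the scope is bridge-only, which is why every blocked flow in their log points at a single rule on bridge0 rather than at a WAN or LAN rule.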
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.