Netgate Discussion Forum

Hosts behind Transparent Bridge are displayed with Bridge IP as source IP

    Matts
    last edited by Jul 9, 2007, 1:25 PM

    @wacko:

    @Matts: Which issue? There have been a few discussed until now ;)

    If you refer to your initial issue, i.e. "seeing" the IP of pfSense as the source instead of the client's IP, then my solution for this problem was simply a matter of enabling "Advance Outbound NAT" and deleting the default rule for LAN (the bridged interface). Hence, there is no NAT for this network and thus IPs are not rewritten.

    Hope this helps.
    Arno

    Hi Arno,

    Yeah thanks again !

    I understand what you mean, but maybe you can give an example.

    On the LAN there is a default * * * * * rule, so everything from LAN to WAN is allowed. This rule has to be removed?

    and maybe you can make this more clear "Advance Outbound NAT", I was not able to find an option like that anywhere. I hope you can give an example too.

    Thanks again.

    Matts

      wacko
      last edited by Jul 9, 2007, 1:41 PM

      Ok..

      I assume you only have LAN and WAN connected, which are bridged.

      Under Firewall->Rules on the LAN Tab there should be the mentioned "any-thing is allowed rule". Don't change that. This means people on the LAN can do whatever they want, nothing is restricted.

      Now go to Firewall->NAT and click on the last tab "Outbound". Per default the upper radio-button ("Automatic outbound NAT rule generation (IPSEC passthrough)") is selected. Now select the second radio button ("Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))") and hit save. Now an automatically generated rule for LAN is displayed in the lower area. Just delete (or deactivate) this rule and apply the changes. From now on, your LAN is not NATed anymore, but only routed. Hence, "outside" the real IPs of the clients will be seen.

      This of course only makes sense if you have a bunch of PUBLIC IP addresses....

      Hope it becomes clearer now - just ask if there are still unclear things.

      Best regards,
      Arno
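
A way to confirm that the change described in the post above took effect, as an added example that is not part of the original thread: it parses `pfctl -sn` output and lists any NAT rule that would still rewrite a given client address. The rule lines, the interface name `em0` and the 203.0.113.0/24 addresses are constructed sample values, not taken from the thread.

```python
import ipaddress
import re

# Constructed samples of `pfctl -sn` output; em0 (WAN) and the
# 203.0.113.0/24 documentation range are assumed, not from the thread.
BEFORE = """\
nat on em0 inet from 203.0.113.0/24 to any -> (em0) port 1024:65535 round-robin
rdr-anchor "miniupnpd" all
"""
# After deleting the generated LAN rule in manual outbound NAT mode.
AFTER = """\
rdr-anchor "miniupnpd" all
"""

# Matches translating rules only; "no nat ..." exemptions do not match.
NAT_RULE = re.compile(r"^nat on (?P<ifname>\S+) (?:inet6? )?from (?P<src>\S+) to ")


def rules_rewriting(pfctl_output, client_ip):
    """Return the nat rules whose source covers client_ip."""
    client = ipaddress.ip_address(client_ip)
    hits = []
    for line in pfctl_output.splitlines():
        match = NAT_RULE.match(line.strip())
        if not match:
            continue
        src = match.group("src")
        if src == "any":
            hits.append(line.strip())
            continue
        try:
            net = ipaddress.ip_network(src, strict=False)
        except ValueError:
            # Table or interface reference; cannot be resolved offline.
            continue
        if client.version == net.version and client in net:
            hits.append(line.strip())
    return hits


if __name__ == "__main__":
    for label, output in (("before", BEFORE), ("after", AFTER)):
        hits = rules_rewriting(output, "203.0.113.20")
        print(label, "NATed" if hits else "not NATed", hits)
```

An empty result for a bridged client's address means no listed rule translates it, which is the state the post describes after the LAN rule is deleted.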

        Matts
        last edited by Jul 9, 2007, 5:57 PM

        Hi Arno,

        Thanks, this works perfectly !

        I think this thread is very useful for further use.

        Thanks again !

        Cheers,

        Matts

          coolcat1975
          last edited by Oct 14, 2007, 11:49 PM

          hi all!

          thanks to this post i also managed to get things working, but something i am still wondering about:

          i am losing 2 of my official IPs on the pfsense machine.

          does this have to be this way or am i just having a configuration black out, but when i use private IPs on the machine nothing is going thru.

          best regards

          CC
