How can pfsense download packages in transparent mode?
Hi, I have set up pfSense in transparent mode. Everything works okay and I can use a browser to connect to the firewall and the internet :-)
There are 2 network cards in the firewall. WAN and LAN are in a bridge, and I have made one OPT1 connected to the WAN-LAN bridge with a static IP.
BUT, how can I get pfSense to download packages in transparent mode? If I set up a gateway on OPT1 then I can't connect to pfSense anymore; it still functions as a firewall, but I can't connect to it.
What is the status of your outbound NAT? By default it will try to use the WAN address for local host traffic. You will probably have to set up outbound NAT to translate local host to perhaps OPT1. That way it will get an Internet-routable address.
Hi, sorry for the late answer.
I have tried 2 things.
1. WAN and LAN with no IP, in a BRIDGE, and OPT1 connected to that bridge with a static IP to configure pfSense. It functions OK as a transparent firewall/bridge. If I have this on the outside of my router/firewall I can't reach the internet from pfSense, but all traffic passes as normal. If I set a gateway on WAN to point at the same gateway my router/firewall has on its WAN port, it doesn't work.
If I move pfSense to the inside of the router/firewall and set the gateway to be the LAN address of my router/firewall then it works, but I want to have it on the outside.
2. WAN and LAN with IPs in the same range and mask as my local LAN, set in a bridge and used as a transparent firewall/bridge; this way I don't need the OPT1 interface. This works too if I have it on the inside (LAN side).
I want it to be in front of my existing router/firewall and able to use the internet to update etc. If I have 3 network cards in it, could I use one of them to connect to my LAN and use that to configure it and to let pfSense update, or will pfSense see that traffic as bad?
I would think that would be ideal. Having an opt1 interface on the LAN with the router/gateway as the rest of your LAN. Since that will be doing the NATing, pfSense should allow that to pass as an outbound connection. It should be the same as all the other traffic originating from the LAN side.