Transparent bridge firewall "variant"

  • I beg your pardon if the topic was already discussed, but I did not find anything about this "variant" of bridge-fw by using pfSense 2.0.x.

    At the moment I have an OpenBSD+pf based transparent bridge-firewall which uses 3 network cards.
    I use 2 of them WITHOUT IP to create the bridge-firewall and the third one with an IP on the "LAN" side
    to manage it.

    The schema is the following:
                        |    |
    LAN [No IP] --------|    |-------- WAN [NO IP]
                        |    |
                        |    |
    Admin       --------|    |
    IP                  |    |

    Now, I would like to switch to a pfSense based transparent bridge-fw.
    I found and followed the indications of W. Tarrh's HowTo: Firewall-Filtering Bridge - pfSense 2.0.1 By William Tarrh.pdf

    In this case however, if I understood correctly, the WAN interface has an IP associated, from which pfSense could be managed. Moreover, from what was reported in the forum it seems that the management via web has some problems if the IP was assigned to the LAN interface instead.

    My question is: by using pfSense is it possible to create a bridge-fw like the one I did with OpenBSD+pf, i.e. the LAN and WAN interfaces used to create the bridge have NO IP assigned while the management is done using a third interface to which an IP was assigned, preferably set on the LAN side?
    TIA for any answer


  • Very much possible. Normally you would bridge WAN and LAN, enable filtering bridge, and add one OPT interface with IP address for management. (Of course, you can call those interfaces whatever you like in pfSense afterwards :D)
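
Added example, not part of either post above: a small check that a running box matches the layout discussed in this thread (bridge members and the bridge itself carry no IP, and a separate management interface does). It parses FreeBSD-style `ifconfig` output; the interface names `em0`, `em1`, `em2` and `bridge0` and the sample output are assumptions constructed for illustration.

```python
import re

# Constructed FreeBSD-style `ifconfig` output (not taken from the thread).
SAMPLE = """\
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:00:5e:00:53:01
em1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:00:5e:00:53:02
em2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 00:00:5e:00:53:03
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 02:00:5e:00:53:00
\tmember: em1 flags=143<LEARNING,DISCOVER,AUTOMEMBER>
\tmember: em0 flags=143<LEARNING,DISCOVER,AUTOMEMBER>
"""

def parse_ifconfig(text):
    """Map each interface name to its addresses and bridge members."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"(\S+): flags=", line)
        if head:  # an unindented line starts a new interface stanza
            cur = ifaces.setdefault(head.group(1), {"addrs": [], "members": []})
            continue
        fields = line.split()
        if cur is None or len(fields) < 2:
            continue
        if fields[0] in ("inet", "inet6"):
            cur["addrs"].append(fields[1])
        elif fields[0] == "member:":
            cur["members"].append(fields[1])
    return ifaces

def audit_bridge(text, bridge="bridge0", mgmt="em2"):
    """Return deviations from: no IP on the bridge side, IP on mgmt only."""
    ifaces = parse_ifconfig(text)
    if bridge not in ifaces:
        return [f"{bridge}: bridge interface not found"]
    members = ifaces[bridge]["members"]
    problems = []
    if len(members) < 2:
        problems.append(f"{bridge}: fewer than two member interfaces")
    if mgmt in members:
        problems.append(f"{mgmt}: management interface is a bridge member")
    for name in [bridge] + sorted(members):
        for addr in ifaces.get(name, {"addrs": []})["addrs"]:
            problems.append(f"{name}: bridge-side interface has address {addr}")
    if not ifaces.get(mgmt, {"addrs": []})["addrs"]:
        problems.append(f"{mgmt}: management interface has no address")
    return problems
```

An empty list from `audit_bridge` means the layout matches; any IPv4 or IPv6 address on a bridge-side interface is reported, including link-local ones.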
