Bridging Firewall Not Passing Traffic



  • Ok, so now that everything works without the firewall, we'd love it if we could use the firewall now.  :-)

    So here's where we are…  WAN (AdminPort) is an internal admin interface--which works fine no matter what

    LAN (Internet-Side) and OPT1 (Server-Side) are bridged (as OPT2) together.

    If we use "pfctl -d" to stop the firewall, traffic flows correctly. If we turn the firewall on, no traffic flows through the bridge, though it does flow out of the AdminPort (WAN). I tried "anything from anywhere to anywhere" configured on LAN, OPT1 and OPT2...  trying to "be completely open"....  yet no joy.

    My current firewall rules are:

    • Floating: none

    • AdminPort (WAN):  source: 192.168.x.x/21 | destination: *

    • Internet (LAN): source: x.x.x.x (various public IPs of remote servers to be allowed in) | destination: 8.37.x.x (various server IPs behind bridge)

    • ServerLAN (OPT1): source: 8.37.x.x (local server IPs) | destination: x.x.x.x (various public IPs of off-site servers to we connect)

    • Bridge (OPT2):  source: * | destination: *

    I'm sure it is something simple–would someone point me in the right direction, please?

    Thanks!

    PS: Once I get this working, I will produce a new HOWTO for setting up bridging firewalls with three NICs instead of the two used in most examples.  (We do not want a public-IP admin port on our firewall.)



  • Ok, this falls under the category of "doh"…  Forgot to open non-TCP traffic when trying to ping things.

    Sorry to bother, but now I can work on the HOWTO that I wanted to do....


Log in to reply