Netgate Discussion Forum

    From PF/OpenBSD to PFSense Transparent Firewall Problems

    droobie

      I recently moved over to PFSense from an OpenBSD/PF setup.  In both cases I am using a transparent bridge, however on the OpenBSD machine I was allowed to have no IP on the LAN interface in my bridge.  In PFSense, I set it to 172.31.1.1/30, which is just a private network address that I know will never be used in the network.

      As it sits my rules don't work, even though they worked on the OpenBSD setup.

      Here's my config.

      Filtering Bridge is on, NAT is off.

      LAN -
      172.31.1.1 / 30
      Bridge to WAN

      WAN -
      64.x.x.254 / 24
      Gateway 64.x.x.1

      Firewall Aliases
      ---
      gateway 64.x.x.1
      internal_net 64.x.x.0/24

      Rules

      LAN Side:

              • *  Default

      WAN Side:

      TCP lines are all Modulate State. UDP lines are all Keep State.

      If I remove that "Default inbound rule", I can't access the rest of the network attached to the backside of the bridge as any IP except for my management/backup IP.  If I leave it in, it works.  If I don't have the default outbound rules, the filtered addresses cannot connect out.

      Do I have my rules wrong or is something maybe wrong with my config?  I had things this way on OpenBSD and just set up the PFSense config based on my pf.conf on the OpenBSD unit.

      Thanks in advance.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.