From PF/OpenBSD to PFSense Transparent Firewall Problems

  • I recently moved over to PFSense from an OpenBSD/PF setup.  In both cases I am using a transparent bridge; however, on the OpenBSD machine I was allowed to have no IP on the LAN interface in my bridge.  In PFSense, I set it to 172.31.1.1/30, which is just a private network address that I know will never be used in the network.

    As it sits my rules don't work, even though they worked on the OpenBSD setup.

    Here's my config.

    Filtering Bridge is on, NAT is off.

    LAN -
    172.31.1.1 / 30
    Bridge to WAN

    WAN -
    64.x.x.254 / 24
    Gateway 64.x.x.1

    Firewall Aliases
    --
    gateway 64.x.x.1
    internal_net 64.x.x.0/24

    Rules

    LAN Side:

            • *  Default

    WAN Side:

    TCP lines are all Modulate State.  UDP lines are all Keep State.

    If I remove that "Default inbound rule", I can't access the rest of the network attached to the backside of the bridge as any IP except for my management/backup IP.  If I leave it in, it works.  If I don't have the default outbound rules, the filtered addresses cannot connect out.

    Do I have my rules wrong, or is something maybe wrong with my config?  I had things this way on OpenBSD and just set up the PFSense config based on my pf.conf on the OpenBSD unit.

    Thanks in advance.
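For readers comparing the two setups, the following is an added illustrative pf.conf for a transparent filtering bridge of the kind the post describes (no IP on the inner member, management address on the outer one). It is not the poster's actual ruleset, which is not reproduced on this page: the interface names, the management host, and the inbound services allowed are assumptions, and the redacted `64.x.x` octets are kept exactly as the post gives them and must be filled in before the file will load. The alias names `gateway` and `internal_net` are taken from the post.

```pf
# Illustrative transparent-bridge ruleset (added example, not the poster's pf.conf).
# Topology assumed from the post:
#   ext_if  - outer bridge member, faces the upstream gateway, carries the
#             bridge's own management address
#   int_if  - inner bridge member, carries no IP at all
#   Both members belong to one bridge interface (bridge0); pf filters on the
#   members, so the bridge itself never appears in a rule.

ext_if = "em0"             # assumed interface name
int_if = "em1"             # assumed interface name
mgmt   = "64.x.x.254"      # bridge management address (redacted as in the post)

# Aliases as named in the post
gateway      = "64.x.x.1"
internal_net = "64.x.x.0/24"

# Services assumed for the example; adjust to the hosts behind the bridge
inbound_tcp = "{ http, https }"

set skip on lo0

# Default-deny in both directions on every interface. States are floating
# (pf's default state-policy), so a state created by an "in" rule on one
# member also matches the same flow leaving on the other member; that is
# why only "pass in" rules are needed below.
block log all

# Management access to the bridge itself, TCP only, with sequence modulation
pass in quick on $ext_if inet proto tcp from any to $mgmt port ssh \
    flags S/SA modulate state

# Outbound from the protected segment: the post's "default outbound" rules.
# modulate state only affects TCP; for UDP and ICMP pf behaves as keep state.
pass in quick on $int_if inet proto tcp   from $internal_net to any \
    flags S/SA modulate state
pass in quick on $int_if inet proto udp   from $internal_net to any keep state
pass in quick on $int_if inet proto icmp  from $internal_net to any keep state

# Inbound from the Internet to the protected segment: only the listed services
pass in quick on $ext_if inet proto tcp from any to $internal_net \
    port $inbound_tcp flags S/SA modulate state

# Let the hosts behind the bridge reach their upstream gateway for ICMP
# (path MTU, unreachables); everything else to/from $gateway is covered above
pass in quick on $int_if inet proto icmp from $internal_net to $gateway keep state
```

Two points worth checking when carrying such a file across platforms. First, `modulate state` is meaningful only for TCP; pf treats it as `keep state` for UDP and ICMP, so the post's split (modulate on TCP lines, keep on UDP lines) is equivalent to using `modulate state` everywhere. Second, because the ruleset relies on floating states, adding `set state-policy if-bound` would break it: every flow would then also need matching `pass out` rules on the opposite bridge member.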