4. From PF/OpenBSD to PFSense Transparent Firewall Problems

From PF/OpenBSD to PFSense Transparent Firewall Problems

  • D

    I recently moved over to PFSense from a OpenBSD/PF setup.  In both cases I am using a transparent bridge, however on the OpenBSD machine I was allowed to have no IP on the LAN interface in my bridge.  In PFSense, I set it to 172.31.1.1/30, which is just a private network address that I know will never be used in the network.

    As it sits my rules don't work, even though they worked on the OpenBSD setup.

    Here's my config.

    Filtering Bridge is on, NAT is off.

    LAN -
    172.31.1.1 / 30
    Bridge to WAN

    WAN -
    64.x.x.254 / 24
    Gateway 64.x.x.1

    Firewall Aliases
    –-
    gateway 64.x.x.1
    internal_net 64.x.x.0/24

    Rules

    LAN Side:

            • *  Default

    WAN Side:

    TCP lines are all Modulate State.. UDP lines are all Keep State.

    If I remove that "Default inbound rule", I can't access the rest of the network attached to the backside of the bridge as any IP except for my management/backup IP.  If I leave it in, it works.  If I don't have the default outbound rules, the filtered addresses cannot connect out.

    Do I have my rules long or is something maybe wrong with my config?  I had things this way on OpenBSD and just set up the PFSense config based on my pf.conf on the OpenBSD unit.

    Thanks in advance.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy