Netgate Discussion Forum

    Pass through block of static IPs on OPT interface

    • thetallkid

      I have a block of static IPs. One is assigned to the WAN port of pfSense. I want to assign some of them directly to servers on the OPT interface.
      Not worried about setting rules to block traffic from OPT to LAN.

      Enabled OPT interface, set IPv4 Configuration type to None

      Went to Interfaces, created a bridge between OPT and WAN

      Created a rule to allow all traffic out on the OPT interface
      IPv4 * * * * * * none

      Another rule to allow traffic from WAN to OPT
      IPv4 TCP/UDP WAN address * OPT1 net * * none

      Checked in ARP Table and could see the server.

      Tried to ping it from within pfSense and it fails every time.

      Searched the forum, tried the various methods and could not get it to work. Have no idea what I'm doing wrong.

      • viragomann

        Another rule to allow traffic from WAN to OPT
        IPv4 TCP/UDP    WAN address    *    OPT1 net    *    *    none

        You only have allowed traffic from WAN address to OPT1. Allow it from anywhere.
        You can tighten access later by splitting the rule into different ones for any destination + ports.

        • thetallkid

          On the WAN rules, I edited the rule as suggested
          IPv4 TCP/UDP * * OPT1 net * * none

          Still nothing. It's as if pfSense doesn't know where to send the packets. When I did a traceroute, that failed too. I have a lot to learn about this wonderful firewall, but I feel as if OPT should have an IP address so that it can route to machines physically attached to it.

          When I get this figured out, I will write a full "How To" on getting this working.
