Pass through block of static IPs on OPT interface

  • I have a block of static IPs. One is assigned to the WAN port of pfSense. I want to assign some of them directly to servers on the OPT interface.
    Not worried about setting rules to block traffic from OPT to LAN.

    Enabled OPT interface, set IPv4 Configuration type to None

    Went to Interfaces, created a bridge between OPT and WAN

    Created a rule to allow all traffic out on the OPT interface
    IPv4 * * * * * * none

    Another rule to allow traffic from WAN to OPT
    IPv4 TCP/UDP WAN address * OPT1 net * * none

    Checked in ARP Table and could see the server.

    Tried to ping it from within pfSense and it fails every time.

    Searched the forum, tried the various methods and could not get it to work. Have no idea what I'm doing wrong.

  • Another rule to allow traffic from WAN to OPT
    IPv4 TCP/UDP    WAN address    *    OPT1 net    *    *    none

    You only have allowed traffic from WAN address to OPT1. Allow it from anywhere.
    You can tighten access later by splitting the rule into different ones for any destination + ports.

  • On the WAN rules, I edited the rule as suggested
    IPv4 TCP/UDP * * OPT1 net * * none

    Still nothing. It's as if pfSense doesn't know where to send the packets. When I did a traceroute, that failed too. Have a lot to learn about this wonderful firewall, but feel as if OPT should have an IP address so that it can route to machines physically attached to it.

    When I get this figured out, I will write a full "How To" on getting this working.
