'Real' IP for computers behind pfsense gw



  • Hi,

    We have enabled static routing from one of pfsense's interfaces which is connected to a Microsoft WSUS server.  Normally the wsus server will display each windows client's own IP but after we put it behind pfsense wsus displays the pfsense gw interface ip for all the clients.

    Is it a setting in pfsense to enable 'passing through' the clients' own IP to the server behind the static route, or isn't this possible?

    regards

    Tor



  • Search the forum for bridging.
    What you might want is a filtering bridge.
    Right now pfSense NAT's everything.



  • The following tutorial should be what you need.

    Setup a transparent firewall /filtering bridge with pfSense
    http://pfsense.trendchiller.com/transparent_firewall.pdf



  • Hi

    Thanks for the suggestion.  I have my pfsense box with wan and 3 lan interfaces lan1, lan2 and lan3, non of these are bridged but I have a static route allowing packets from nic1 and nic2 to pass through nic3 to another subnet (with the wsus server).  Everything is now set up with rules and works fine.

    Will checking the 'Allow filtering bridge' setting change/break the above scenario and force me to rework how everything work together?  This box is in production now and I cannot experiment too much =:

    regards

    Tor



  • Maybe you should make a diagramm where the server is, and which ports you have on pfSense.
    It might be possible to solve this with routing and not with bridging.



  • I have servera WSUS servers behind firewalls.  they are not handled any different than my internal clients and I am not having any issues.
    RC



  • One needs to enable manual NAT rules and then remove the NAT mapping. You want a straight through router. Not a NAT router.


Locked