Replace Watchguard - How to make transparent…



  • I'm running 1.2RC4 and for the life of me, following all the guides (i.e. http://pfsense.trendchiller.com/transparent_firewall.pdf), I can't get the pfSense to be "transparent."

    I hate the Watchguard, and want to get rid of it, but it's the firewall for all the Windows-based servers.

    Watchguard Setup:
    OUTSIDE WORLD -> Watchguard Ext Port -> Watchguard Int Port -> Switch -> Windows-based servers (public IPs)

    All the Windows-based servers can be reached by their public IPs… I tried following the PDF guide above to accomplish the same thing to no avail...

    OUTSIDE WORLD -> pfSense WAN port -> pfSense LAN port -> Switch -> Any server (public IP)

    Any tips on what I've missed... For reference, I followed the guide above, so anything and everything was followed according to that.
    One thing, though, is that even if I create a rule for the WebGUI, unless I am on the LAN side, I can't access it (and if I do, I can only access it via the WAN IP I assigned to it).

    Any help is appreciated - I'd really love to knock out a Watchguard with pfSense!



  • All the Windows-based servers can be reached by their public IPs… I tried following the PDF guide above to accomplish the same thing to no avail...

    Could you be a bit more specific?
    What does not work?



  • Communication from the OUTSIDE WORLD to the servers behind the pfSense (PROTECTED SIDE) does not work…
    Communication from the OUTSIDE WORLD to the pfSense WebGui does not work...
    Communication from the PROTECTED SIDE to the OUTSIDE WORLD does not work...

    Communication from the PROTECTED SIDE to the WAN IP (for WebGui) WORKS

    Other than that, we're at a loss as to why this is happening - it shouldn't be that difficult, but we might be missing something.

    Thanks for your help!



  • Could you post screenshots of the rules you have on the LAN and the WAN tab?



  • Missed the message before leaving work, I'll do it first thing unless I can figure out how to connect to the machine from home. Again, I appreciate your assistance.

    A coworker just sent me this e-mail:
    http://scottf.wordpress.com/2005/07/05/a-virtual-transparent-packet-filtering-firewall-with-openbsd/

    This is exactly what I'm trying to accomplish…



  • Well, I set up another machine following those instructions - real basic… Still no good... So I know it's not the pfSense setup (I've set up pfSense countless times in different configs, so I doubted it was set up wrong).

    Anyway, I think I figured out the problem after watching the traffic on the network interfaces - the switches weren't configured to be in promiscuous mode... I reconfigured and was able to get to one website across the bridged interface. Tomorrow (well, today now, for me), I will go ahead and try it through pfSense.

    Thanks again... If I still need help, I'll go ahead and post back.

