Netgate Discussion Forum

    Replace Watchguard - How to make transparent…

    • mjpcomp

      I'm running 1.2RC4 and for the life of me, following all the guides (i.e. http://pfsense.trendchiller.com/transparent_firewall.pdf), I can't get the pfSense to be "transparent."

      I hate the Watchguard, and want to get rid of it, but it's the firewall for all the Windows-based servers.

      Watchguard Setup:
      OUTSIDE WORLD -> Watchguard Ext Port -> Watchguard Int Port -> Switch -> Windows-based servers (public IPs)

      All the Windows-based servers can be reached by their public IPs… I tried following the PDF guide above to accomplish the same thing to no avail...

      OUTSIDE WORLD -> pfSense WAN port -> pfSense LAN port -> Switch -> Any server (public IP)

      Any tips on what I've missed... For reference, I followed the guide above, so anything and everything was followed according to that.
      One thing, though, is that even if I create a rule for the WebGUI, unless I am on the LAN side, I can't access it (and if I do, I can only access it via the WAN IP I assigned to it).

      Any help is appreciated - I'd really love to knock out a Watchguard with pfSense!

      • GruensFroeschli

        All the Windows-based servers can be reached by their public IPs… I tried following the PDF guide above to accomplish the same thing to no avail...

        Could you be a bit more specific?
        What does not work?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • mjpcomp

          Communication from the OUTSIDE WORLD to the servers behind the pfSense (PROTECTED SIDE) does not work…
          Communication from the OUTSIDE WORLD to the pfSense WebGui does not work...
          Communication from the PROTECTED SIDE to the OUTSIDE WORLD does not work...

          Communication from the PROTECTED SIDE to the WAN IP (for WebGui) WORKS

          Other than that, we're at a loss as to why this is happening - it shouldn't be that difficult, but we might be missing something.

          Thanks for your help!

          • GruensFroeschli

            Could you post screenshots of the rules you have on the LAN and the WAN tab?

            • mjpcomp

              Missed the message before leaving work, I'll do it first thing unless I can figure out how to connect to the machine from home. Again, I appreciate your assistance.

              A coworker just sent me this e-mail:
              http://scottf.wordpress.com/2005/07/05/a-virtual-transparent-packet-filtering-firewall-with-openbsd/

              This is exactly what I'm trying to accomplish…

              • mjpcomp

                Well, I set up another machine following those instructions - real basic… Still no good... So I know it's not the pfSense setup (I've set up pfSense countless times in different configs, so I doubted it was set up wrong).

                Anyway, I think I figured out the problem after watching the traffic on the network interfaces - the switches weren't configured to be in promiscuous mode... I reconfigured and was able to get to one website across the bridged interface. Tomorrow (well, today now, for me), I will go ahead and try it through pfSense.

                Thanks again... If I still need help, I'll go ahead and post back.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.