PfSense 2.2 - How to setup mode tranparent ?

Harris

Hi all,

I have a diagram:

ISP <=> pfSense 2.2 <=> | server 1: public IP 1 |
                                        | server 2: public IP 2 |
                                        | server 3: public IP 3 |

How to config pfSense with that diagram ?

Tks :)

KOM

Create 3 virtual IP Aliases (Firewall - Virtual IPs)
Create 3 port forwards with associated firewall rule (Firewall - NAT - Port Forward)

dotdash

I don't think the OP wanted to NAT. There used to be a tutorial for transparent mode. Basically, bridge your interfaces. I usually assign a public IP to the bridge, then change the tunables to filter on the bridge.
Edit- looks like the tutorials are gone as they were too outdated.
Check the docs for bridge basics: https://doc.pfsense.org/index.php/Interface_Bridges

Harris

@dotdash:

I don't think the OP wanted to NAT. There used to be a tutorial for transparent mode. Basically, bridge your interfaces. I usually assign a public IP to the bridge, then change the tunables to filter on the bridge.
Edit- looks like the tutorials are gone as they were too outdated.
Check the docs for bridge basics: https://doc.pfsense.org/index.php/Interface_Bridges

Hi,

This is my config, but it not working :(

net.link.bridge.pfil_bridge = 1
net.link.bridge.pfil_member = 1

Tell me if you need any more !

Tks :)

dotdash

Two things:
If you want to set rules on the bridge interface set net.link.bridge.pfil_member=0 and net.link.bridge.pfil_bridge=1
If you put an IP on the bridge, use that to manage. Don't put an IP on the same subnet as the bridge on another interface.
edit: Oh, that's a VIP. Still, I'd put the public ip for management on the bridge interface. Or use a separate interface with a private ip or something. No need for virtual ips on a filtering bridge.

Derelict

Get your ISP to assign you a /30 or /29 for your WAN then route the public subnet to the proper IP address on it.  Then just set that subnet on OPT1 and turn off NAT.  That's the way it should be done anyway…  No VIPs, no bridging.

chpalmer

Since you have a mgmt port I assume you want it to have a private address…

Go to the NAT page and select "Manual Outbound NAT rule generation"

Then delete every rule generated except the "Mngmnt" interface.

edit- That is if you want your Mngmt port to have internet access… Otherwise just set it up with a private space address and create a rule allowing incoming traffic to its address from the private subnet you create. (no NAT)

edit- On second thought it appears that your Management port is set up as your true WAN port??  (based on Interface2.png)

Harris

I setup pfSense on VM. Maybe i mistake when config vSwitch. Now I waiting my physical server to config again.

Tks :)