Netgate Discussion Forum
    Transparent DSL Firewall?

    Routing and Multi WAN

    boxer4 wrote:

      Hello all, new here.  I recently got a nonfunctional Watchguard Firebox X1000 with no software and got it to power up again.  I found pfSense as a possible solution to the software problem, and have found it to be really complete and extensive, great job!

      Now I'm trying to get a bit more complicated setup working.  I lease a /29 public IP subnet on my home DSL.  Because the router/firewall function in my DSL modem is so crappy, I was thinking about using it in bridge mode and having pfSense firewall/route.  However, the thing I was wondering about is how to get the static IPs across the firewall.

      The setup would be:
      (DSL/ATM/DSLAM) -- (DSL modem in bridge mode) -- (pfSense box as PPPoE router, WAN port)

      The pfSense box, namely the Watchguard Firebox X1000, would have 5 other ports.  What I would like is to have 4 ports be used for transparently passing the /29 and use the static IPs on those machines.  And I could mix private IP NAT along with it (much like the DSL modem).  The remaining port I'd like to have NAT on a third guest network.

      My first guess is that I should use the physical WAN port for PPPoE and have a "virtual WAN port."  Then bridge the new virtual WAN port with four of the LAN ports, and have the last port on its own network for guests.  I set up a software bridge and set the bridge's IP address to one of the IP addresses of my /29, but I could not get any machines with public IP addresses on my /29 to pass through, even with firewall rules to pass them (WAN: anywhere -> bridge net = pass, and LAN: bridge net -> anywhere = pass).  In order to try to prevent lockout, one of the bridge members has a private network address.  With another rule on the LAN bridge net (private address -> anywhere = pass), I noticed the LAN addresses are NATted just fine, so at least the PPPoE setup is working.

      I was comparing this setup with my Actiontec DSL modem-router in router mode, where the LAN and WAN static IP addresses are shared on the Ethernet ports.  As it uses Linux Netfilter/iptables I can't exactly translate it to pf, but I would imagine pfSense should be able to do the same?

      What I don't quite understand is how to get that "virtual WAN" interface, which gets my static IP address range from PPPoE, shared over the bridge?  Maybe MontaVista is doing something weird and I won't ever be able to match the router functionality without a hacked kernel?

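The following ruleset is an added illustration of the topology in the post (PPPoE WAN, a four-port bridge carrying the public /29 plus a private anti-lockout alias, and a NATted guest port). It is not from the original post and it is not the ruleset pfSense generates; pfSense builds its pf rules from the GUI, and this is hand-written pf.conf syntax so the intended packet flow can be read in one place. Everything concrete in it is an assumption: the interface names (pppoe0, bridge0, em1 through em5), the placeholder prefixes 203.0.113.8/29, 192.168.1.0/24 and 10.0.50.0/24 (documentation and private ranges standing in for the real ones), and that the ISP routes the /29 toward the PPPoE-assigned address, which is the usual arrangement for a static block over PPPoE. Under that assumption the /29 is a routed subnet that lives on the LAN-side bridge, and the only thing the WAN side needs is an exemption from NAT for it.

```pf
# Added example for the PPPoE + bridged /29 + guest topology described above.
# Not from the original post and not pfSense's generated rules.
# Assumptions: PPPoE comes up on pppoe0; em1-em4 are members of bridge0; the
# guest port is em5; the ISP routes the /29 toward the PPPoE-assigned address.
# 203.0.113.8/29, 192.168.1.0/24 and 10.0.50.0/24 are placeholder prefixes.
#
# Interface side (Interfaces > Assign and Interfaces > Bridges in the pfSense
# GUI), shown here as the equivalent ifconfig for reference:
#   ifconfig bridge0 create addm em1 addm em2 addm em3 addm em4 up
#   ifconfig bridge0 inet 203.0.113.9/29            # gateway for the /29
#   ifconfig bridge0 inet 192.168.1.1/24 alias      # private alias, anti-lockout
#   ifconfig em5 inet 10.0.50.1/24
# Filter on the bridge interface itself rather than on each member port:
#   sysctl net.link.bridge.pfil_bridge=1 net.link.bridge.pfil_member=0

wan        = "pppoe0"
pub_if     = "bridge0"
guest_if   = "em5"
public_net = "203.0.113.8/29"
mgmt_net   = "192.168.1.0/24"
guest_net  = "10.0.50.0/24"
table <rfc1918> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0
scrub in all

# Translation rules are first-match, so the exemption for the public block
# must precede the catch-all NAT. Hosts on the /29 keep their own addresses
# on the wire; only the private networks hide behind the PPPoE address.
no nat on $wan from $public_net to any
nat on $wan from { $mgmt_net, $guest_net } to any -> ($wan)

# Filter rules are last-match unless marked "quick". Default deny and log.
block log all

# Private source addresses arriving from the Internet are spoofed: drop them.
block in quick on $wan from <rfc1918> to any

# Anything the box itself or a permitted inbound flow sends out may leave.
pass out all

# Bridge segment: public and management hosts may originate anything, and
# the Internet may reach the /29 only on the listed services (adjust per host).
pass in on $pub_if from { $public_net, $mgmt_net } to any
pass in on $wan proto tcp from any to $public_net port { 80, 443 }
pass in on $wan inet proto icmp from any to $public_net icmp-type echoreq

# Guest segment: DNS to the gateway, then Internet only. "quick" makes the
# block final even though the broader pass rule follows it.
pass in quick on $guest_if proto { tcp, udp } from $guest_net to ($guest_if) port 53
block in quick on $guest_if from $guest_net to { $public_net, <rfc1918> }
pass in on $guest_if from $guest_net to any
```

In the pfSense GUI the NAT exemption is the piece most often missed: Firewall > NAT > Outbound in Hybrid mode with a "Do not NAT" rule for the /29 produces the `no nat` line above, and without it the public hosts are silently translated to the PPPoE address like everything else. The `pass in` rules on the bridge and guest interfaces map onto per-interface rules in Firewall > Rules; the spoof check on the WAN is what "Block private networks" on the WAN interface page enables.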
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.