Bridge mode issue



  • Recently installed, bridged LAN/WAN, created OPT1 assigned IP, disabled NAT/DHCP.

    Network:

    modem -> pfsense -> f0/0 cisco t f0/1 -> cisco switch

    f0/0 ip address dhcp, nat outside
    f0/1 nat inside

    route = ip router 0.0.0.0 0.0.0.0 dhcp

    I have ports 443, 80, 53, 123 open but am unable to ping externally to host or IP from pfsense or browse the internet at all. Chrome and Windows give a DNS error. Everything is accessible internally.

    Is there a port I'm missing or something I need to change. Clients have gateway set up the router IP.



  • Hi,

    Hooking up a PC directly to pfSense (LAN) - just using a switch in the middle, does work/ping ?
    You said you have "ports 443, 80, 53, 123 open". On LAN ? You know that "ping" is not a port, but a protocol, different from TCP and UDP ?
    By default, all is open on LAN, why changing that ?



  • Ports open on WAN, yes I know ICMP is not a port, but if configured correctly I would have guessed it should ping external sites. I will test just the bridged firewall hooked to the PC after work today.



  • @grrttmrtn:

    Ports open on WAN, ….

    Ports 443, 80, 53 and 123 open an WAN ???  :o
    So your GUI is accessible from WAN, thats right ?


  • Banned

    You need to enable ICMP protocol to ping (no port). On that note, you should IMMEDIATELY close the rest. WTF.



  • disabled NAT

    In usual all is opened if the NAT is down!

    There are two common ways to do so:

    • Opening ports at the WAN interface
    • Disable NAT and all is open

    At today many peoples want to create a so called transparent firewall by bridging ports together
    and disabling then the NAT function at the WAN Interface and yes the most of them don´t really
    know what they are doing, but they are thinking this transparent firewall is much more secure
    then the others. I really don´t know from where this knowledge is coming or will be spread out
    but in this way the security is not gaining up in your network, believe me please.


Log in to reply