Bridge mode issue

  • Recently installed, bridged LAN/WAN, created OPT1 assigned IP, disabled NAT/DHCP.


    modem -> pfsense -> f0/0 cisco t f0/1 -> cisco switch

    f0/0 ip address dhcp, nat outside
    f0/1 nat inside

    route = ip router dhcp

    I have ports 443, 80, 53, 123 open but am unable to ping externally to host or IP from pfsense or browse the internet at all. Chrome and Windows give a DNS error. Everything is accessible internally.

    Is there a port I'm missing or something I need to change. Clients have gateway set up the router IP.

  • Hi,

    Hooking up a PC directly to pfSense (LAN) - just using a switch in the middle, does work/ping ?
    You said you have "ports 443, 80, 53, 123 open". On LAN ? You know that "ping" is not a port, but a protocol, different from TCP and UDP ?
    By default, all is open on LAN, why changing that ?

  • Ports open on WAN, yes I know ICMP is not a port, but if configured correctly I would have guessed it should ping external sites. I will test just the bridged firewall hooked to the PC after work today.

  • @grrttmrtn:

    Ports open on WAN, ….

    Ports 443, 80, 53 and 123 open an WAN ???  :o
    So your GUI is accessible from WAN, thats right ?

  • Banned

    You need to enable ICMP protocol to ping (no port). On that note, you should IMMEDIATELY close the rest. WTF.

  • disabled NAT

    In usual all is opened if the NAT is down!

    There are two common ways to do so:

    • Opening ports at the WAN interface
    • Disable NAT and all is open

    At today many peoples want to create a so called transparent firewall by bridging ports together
    and disabling then the NAT function at the WAN Interface and yes the most of them don´t really
    know what they are doing, but they are thinking this transparent firewall is much more secure
    then the others. I really don´t know from where this knowledge is coming or will be spread out
    but in this way the security is not gaining up in your network, believe me please.