Bridge mode issue
-
Recently installed, bridged LAN/WAN, created OPT1 assigned IP, disabled NAT/DHCP.
Network:
modem -> pfsense -> f0/0 cisco t f0/1 -> cisco switch
f0/0 ip address dhcp, nat outside
f0/1 nat inside
route = ip router 0.0.0.0 0.0.0.0 dhcp
I have ports 443, 80, 53, 123 open but am unable to ping externally to host or IP from pfsense or browse the internet at all. Chrome and Windows give a DNS error. Everything is accessible internally.
Is there a port I'm missing or something I need to change? Clients have gateway set up the router IP.
-
Hi,
Hooking up a PC directly to pfSense (LAN) - just using a switch in the middle, does it work/ping?
You said you have "ports 443, 80, 53, 123 open". On LAN? You know that "ping" is not a port, but a protocol, different from TCP and UDP?
By default, all is open on LAN, why change that?
-
Ports open on WAN, yes I know ICMP is not a port, but if configured correctly I would have guessed it should ping external sites. I will test just the bridged firewall hooked to the PC after work today.
-
Ports open on WAN, ….
Ports 443, 80, 53 and 123 open on WAN??? :o
So your GUI is accessible from WAN, that's right?
-
You need to enable ICMP protocol to ping (no port). On that note, you should IMMEDIATELY close the rest. WTF.
-
disabled NAT
Usually all is opened if the NAT is down!
There are two common ways to do so:
- Opening ports at the WAN interface
- Disable NAT and all is open
Today many people want to create a so-called transparent firewall by bridging ports together and then disabling the NAT function at the WAN interface, and yes, most of them don't really know what they are doing, but they think this transparent firewall is much more secure than the others. I really don't know where this knowledge comes from or how it is spread, but in this way the security is not increased in your network, believe me please.
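
The point raised in the replies (ping is ICMP, so port-based pass rules never match it, while those same rules leave 443/80 reachable from WAN), as an added example that is not part of the thread. It is a simplified rule model, not pfSense's rule engine or config format; the `Rule`/`Packet` classes, the function names, the rule sets and the TCP/UDP choice per port are assumptions.

```python
# Simplified model (assumption): pass rules per interface, default deny on no match.
# Not pfSense's rule engine or config format; both rule sets are constructed.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    iface: str             # interface the packet arrives on
    proto: str             # "tcp", "udp" or "icmp"
    port: Optional[int]    # destination port; None for ICMP, which has no ports

@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    port: Optional[int] = None

def allowed(rules, pkt):
    """Pass only if a rule matches interface, protocol and (for TCP/UDP) port."""
    for r in rules:
        if r.iface != pkt.iface or r.proto != pkt.proto:
            continue
        if r.proto == "icmp" or r.port == pkt.port:
            return True
    return False  # default deny

def wan_exposed(rules):
    """Sorted (proto, port) pairs reachable from the WAN side, for review."""
    return sorted({(r.proto, r.port) for r in rules
                   if r.iface == "wan" and r.port is not None})

# Constructed rule set mirroring the thread: 443, 80, 53, 123 passed on WAN
# (TCP for 443/80 and UDP for 53/123 is an assumption; the thread does not say).
THREAD_RULES = [
    Rule("wan", "tcp", 443), Rule("wan", "tcp", 80),
    Rule("wan", "udp", 53), Rule("wan", "udp", 123),
]
# Constructed set following the reply's advice: ICMP passed, service ports closed.
ADVISED_RULES = [Rule("wan", "icmp", None)]

if __name__ == "__main__":
    ping, gui = Packet("wan", "icmp"), Packet("wan", "tcp", 443)
    for name, rules in (("thread", THREAD_RULES), ("advised", ADVISED_RULES)):
        print(name, "ping:", allowed(rules, ping), "gui:", allowed(rules, gui),
              "exposed:", wan_exposed(rules))
```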