Filtering Bridge/transparent firewall



  • Hello,

    I was looking to set up a transparent firewall on my network as a gateway so I can have some control over the traffic towards the internet.

    Some searching led me to pfSense configured as a filtering bridge (http://doc.m0n0.ch/handbook/examples-filtered-bridge.html & http://pfsense.trendchiller.com/transparent_firewall.pdf) with a WAN IP in my local network.

    This worked but as far as I could tell traffic shaping would not work over such a setup.

    On a whim, I disabled the bridging but left private networks unblocked and set up the LAN interface with a different IP, but STILL in the same subnet.

    So I have the WAN interface configured by my DHCP server (receiving the correct DNS and gateway addresses) and the LAN interface configured by the same DHCP server, set up with a static IP based on the pfSense box's LAN interface MAC address.

    So now I have my normal internet router say at 192.168.10.1. This serves as a firewall facing the internet but allows all outgoing traffic.

    The pfSense WAN is configured as, say, IP: 192.168.10.2, Gateway: 192.168.10.1 and the correct DNS servers.

    The pfSense LAN is configured as IP 192.168.10.3.

    Now, with any of the other PCs on my local network, which all get addresses via DHCP (192.168.10.XX and gateway 192.168.10.1), if I change the gateway to 192.168.10.3 (the pfSense box's LAN IP) everything seems at first glance to work correctly in terms of filtering/shaping.

    Is there a problem with such a setup?

    This is ideal for me but I just wanna know if there will be problems I haven't thought of yet.

    Hopefully someone with more knowledge/experience will be able to help.

    best regards,

    Alex

    EDIT: Interesting… http://forum.pfsense.org/index.php/topic,7190.0.html According to this topic, it's not supposed to work, but the few basic rules I set up seem to work OK and the shaper's graphs seem correct as well...

