Wazo, LLC Network Administrators Blog

pfSense Transparent Bridge
A client I work for needed a new firewall solution, but didn't want to break the bank. The requirements were the ability to have the firewall bridge transparently to allow public IP addressing behind the device (1:1 NAT wasn't an option for various reasons), traffic graphing, and preferably an intrusion detection system.
 
Luckily, pfSense, a firewall built upon m0n0wall and BSD, fit the bill perfectly. It can bridge transparently, has an automated package system which can be used to install the Snort IDS, and has built-in RRDTool graphing for network traffic and system load.
 
Unfortunately, I ran into a few gotchas when installing pfSense in transparent bridge mode and thought I'd document them here for internet posterity.
 

  1. Follow the PDF at pfsense.trendchiller.com
  2. Note the following:
    1. Make sure to use a different IP on the LAN side. It doesn't matter what IP, as it's never used.
    2. Create a firewall rule to allow web management. Create a WAN rule with a destination of the WAN Address and a port of 80 HTTP.
    3. Connect the WAN port to your ISP and the LAN port to your LAN. This seems obvious, but routing doesn't start right away, so you may think you have it hooked up incorrectly.
    4. Don't use the pfSense box as your gateway! Use the gateway of your ISP.
    5. Install the Dashboard package. You'll thank me later.


Happy pfSense'ing!