SlideShare une entreprise Scribd logo

Transparent firewall filtering bridge - pf sense 2.0.2 by william tarrh

Hichem Chehida
Hichem Chehida

This document provides instructions for setting up a transparent firewall/filtering bridge with pfSense 2.0.2. It details the necessary hardware, initial pfSense setup steps, and configuration of the WAN interface, LAN interface, bridge interface, firewall rules, and other important pfSense settings. Specifically, it explains how to enable the filtering bridge, configure outbound NAT rules, and restrict access to the management interface. The transparent bridge defaults to blocking all traffic unless allowed by firewall rules, so rules must be created to allow outbound traffic from the LAN.

Internet
1  sur  11
Télécharger pour lire hors ligne
1 Transparent Firewall/Filtering Bridge - pfSense 2.0.2 By William Tarrh Version 2 – February 6, 2013
2 Transparent Firewall/Filtering Bridge - pfSense 2.0.2 This “how to” is an updated version of Trendchiller’s 2007 How to Setup a transparent firewall /filtering bridge with pfSense based on pfSense 1.0-PREBETA2-BUG-VALIDATION-EDITION. My contribution to this project is documenting what has been noted by others on the pfSense forum, walking in Trendchiller’s footsteps and the submission of the document itself. Special thanks to Chris Buechler, Scott Ullrich and all of those who contribute to the pfSense Forum. I would also like to thank Dr. Jeff Rattray who helped me work through some of the kinks in this project.
3 Contents Hardware Requirements and Setup Page 4 Initial Setup Page 4 pfSense GUI Login Page 4 Firewall – WAN - Anti-Lockout Rule Page 4 Configure WAN Interface Page 5 Enable and Configure LAN Interface Page 5 Enable and Configure the Bridge Page 6 Enable the Filtering Bridge Page 7 Enable Manual outbound NAT rule generation (AON – Advanced Outbound NAT) Page 8 Configure Hostname, Domain, DNS servers, Time zone, and NTP time server Page 8 Reboot pfSense Firewall Page 8 Restrict Access to the Management Interface Page 9 Overview and Understanding of the Transparent Bridge Page 11
4 1. Hardware Requirements and Setup a. Two compatible NIC’s for the LAN and WAN interfaces. pfSense Hardware Compatibility 2. Initial Setup a. Upon completing a fresh installation of pfSense a restart will be required. After the first reboot you will be greeted with “Do you want to set up VLANs now [y|n]?” Select “No”. b. Next you will be requested to select your WAN interface or select ‘a’ for auto detection. Select your desired WAN interface card from the list. Next you will be asked to select your LAN interface card. Press “Enter”, we will configure this interface later. c. At the welcome screen only setup the WAN interface. Assign this adapter a static address or use the assigned DHCP address; we will use this address to configure the firewall from this point on. 3. pfSense GUI Login a. Open a browser window and enter the IP address assigned to the pfSense WAN interface. The default username and password are admin and pfsense. 4. Firewall – WAN - Anti-Lockout Rule a. First, let’s be sure not to get locked out of the WAN interface by setting up our own temporary “anti-lockout” rule. Navigate to “Firewall” -> “Rules”. By default the “Anti- Lockout” rule is applied to the WAN interface as seen below. As soon as the LAN interface is enabled this “Anti-Lockout” rule will be migrated automatically to the LAN interface.
5 b. To create a new rule, select the ‘+’ on the bottom right-hand corner. This will take you to the Rules: Edit page. In the “Rules: Edit” create a rule that resembles the screen shot below. The rule below will allow all traffic to access the WAN interface. Keep in mind this is a temporary rule. Select “Save” and then “Apply Changes”. 5. Configure WAN Interface a. Navigate to “Interfaces” -> “WAN” and scroll down to “Static IP configuration”. In the “Gateway” field select “add a new one” and enter your Gateway. b. Navigate to “System” -> “General Setup”; add your hostname, Domain and DNS Servers. To the right of your DNS servers select your Gateway from the dropdown menus. 6. Enable and Configure LAN Interface a. Navigate to “Interfaces” -> “(assign)”. Select the ‘+’ and then select your “LAN” interface. Now select “Save” and then “Apply Changes”.
6 Navigate to “Interfaces” -> “LAN”. In General configuration check the “Enable Interface” box. The screen will auto populate. Be sure that Type is set to “None”. “Save” and “Apply Changes”. 7. Enable and Configure the Bridge a. Now that our LAN and WAN interfaces are enabled and configured we can create the Bridge. Navigate to “Interfaces -> (assign)” from the menu and then select the “Bridges” tab to the far right. Select the ‘+’ to navigate to “Bridge:Edit”. b. In “Bridge: Edit” hold the “Ctrl” key on your keyboard and select the “WAN” and “LAN” so they are both highlighted. Assign your Bridge a name in the “Description” field. Select “Save” and then “Apply Changes”.
7 c. Navigate to “Interfaces” -> “OPT1”. In General configuration check the “Enable Interface” box. The screen will auto populate. You can also change the interface description at this point, I have changed mine from “OPT1” to “Bridge”. Be sure that Type is set to “None”. “Save” and “Apply Changes”. 8. Enable the Filtering Bridge a. In the menu navigate to “System -> Advanced” and select the “System Tunables” tab. b. Locate the “net.link.bridge.pfil_bridge” in the “Tunable Name” column and double-click it. c. In the “Value” field change this from “Default” to “1”. Select “Save” and “Apply Changes”.
8 9. Enable Manual outbound NAT rule generation (AON – Advanced Outbound NAT) a. From the menu select “Firewall -> NAT” and the “Outbound” tab. b. Click “Manual outbound NAT rule generation (AON – Advanced Outbound NAT)” and select “Save”. Delete any rules that auto-populate in the mappings area. 10. Configure Hostname, Domain, DNS servers, Time zone, and NTP time server. a. From the menu select “System” -> “General Setup”. b. Most fields can be left default but be sure to configure your DNS server and NTP time server. 11. Reboot pfSense Firewall a. In order to fully apply all changes reboot your pfSense firewall by going to “Diagnostics -> Reboot”. In this menu select “Yes”.
9 12. Restrict Access to the Management Interface a. This documentation was taken from doc.pfsens.org, I found it to be very helpful. I configured the access restrictions on the LAN and WAN interfaces. http://doc.pfsense.org/index.php/Restrict_access_to_management_interface If you use a restrictive ruleset on your LAN, make sure it permits access to the web interface before continuing. Now disable the anti-lockout rule by going to the System -> Advanced page and checking the "Disable webGUI anti-lockout rule" box. Click Save and the rule will be removed.
10 Now I suggest adding a network alias for management access, and if you use both web and SSH administration, add an alias for those ports. Now add a firewall rule allowing the sources defined in your management alias to the destination LAN address, with the port used or alias created for those using multiple ports. Make sure this rule comes first in the list. Then add a rule based on that rule (the + next to the rule), changing action to block or reject (I prefer reject on internal networks), source to any, and destination the same. When finished your ruleset should look like the following. Apply your changes and your management interface is now restricted to only the defined hosts.
11 13. Overview and Understanding of the Transparent Bridge I use the WAN as the management interface because I was unable to reach anything external, obtain updates or browse packages when the LAN or Bridge was configured as the management interface. Treat the LAN and WAN interfaces as you would a standard firewall, keep in mind that the default action in the transparent bridge is to block all traffic unless explicitly allowed in the firewall. You will only need to setup rules on the LAN and WAN, I have yet to touch the Bridge. Generally a standard firewall will allow the LAN to ANY by default; allowing anything on the LAN outbound. In this transparent bridge scenario you MUST create a rule to allow your LAN outbound. As stated above the default behavior of the transparent bridge is to block unless explicitly allowed. Cheers!

Recommandé

1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And AnswersCCNAResources
 
Data Communications and Computer Networks
Data Communications and Computer Networks Data Communications and Computer Networks
Data Communications and Computer Networks Jubayer Alam Shoikat
 
Routing algorithms
Routing algorithmsRouting algorithms
Routing algorithmsMoctardOLOULADE
 
Application layer
Application layerApplication layer
Application layerreshmadayma
 
The Network Layer
The Network LayerThe Network Layer
The Network Layeradil raja
 
Bandwidth
BandwidthBandwidth
BandwidthSanad Bhowmik
 
Actividad 1 practica redes inalambricas (1)
Actividad 1 practica redes inalambricas (1)Actividad 1 practica redes inalambricas (1)
Actividad 1 practica redes inalambricas (1)dianamarcela0611
 
Network layer
Network layerNetwork layer
Network layerHasib Shaikh
 

Recommandé

1000 Ccna Questions And Answers
1000 Ccna Questions And Answers1000 Ccna Questions And Answers
1000 Ccna Questions And AnswersCCNAResources
 
Data Communications and Computer Networks
Data Communications and Computer Networks Data Communications and Computer Networks
Data Communications and Computer Networks Jubayer Alam Shoikat
 
Routing algorithms
Routing algorithmsRouting algorithms
Routing algorithmsMoctardOLOULADE
 
Application layer
Application layerApplication layer
Application layerreshmadayma
 
The Network Layer
The Network LayerThe Network Layer
The Network Layeradil raja
 
Bandwidth
BandwidthBandwidth
BandwidthSanad Bhowmik
 
Actividad 1 practica redes inalambricas (1)
Actividad 1 practica redes inalambricas (1)Actividad 1 practica redes inalambricas (1)
Actividad 1 practica redes inalambricas (1)dianamarcela0611
 
Network layer
Network layerNetwork layer
Network layerHasib Shaikh
 
Computer networking (nnm)
Computer networking (nnm)Computer networking (nnm)
Computer networking (nnm)nnmaurya
 
Configuration DHCP
Configuration DHCPConfiguration DHCP
Configuration DHCPTan Huynh Cong
 
Chapter08
Chapter08Chapter08
Chapter08Muhammad Ahad
 
Network Topology
Network TopologyNetwork Topology
Network TopologyVimalChaudhary12
 
TCP/IP Introduction
TCP/IP IntroductionTCP/IP Introduction
TCP/IP IntroductionDineesha Suraweera
 
Data link control
Data link controlData link control
Data link controlIffat Anjum
 
Transmission Medium
Transmission MediumTransmission Medium
Transmission Mediumsabari Giri
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA ProtocolNetwax Lab
 
Computer Networking Theory Assignment 1
Computer Networking Theory Assignment 1Computer Networking Theory Assignment 1
Computer Networking Theory Assignment 1Hasibul Islam Nirob
 
OSI Model - Open Systems Interconnection
OSI Model - Open Systems InterconnectionOSI Model - Open Systems Interconnection
OSI Model - Open Systems InterconnectionAdeel Rasheed
 
02 protocol architecture
02 protocol architecture02 protocol architecture
02 protocol architecturechameli devi group of institutions
 
Internet Protocol (IP) And Different Networking Devices.
Internet Protocol (IP) And Different Networking Devices.Internet Protocol (IP) And Different Networking Devices.
Internet Protocol (IP) And Different Networking Devices.Clinton Dsouza
 
Introduction to DNS
Introduction to DNSIntroduction to DNS
Introduction to DNSJonathan Oxer
 
Network Sockets
Network SocketsNetwork Sockets
Network SocketsPeter R. Egli
 
Microsoft Remote Desktop Services
Microsoft Remote Desktop ServicesMicrosoft Remote Desktop Services
Microsoft Remote Desktop ServicesRonnie Isherwood
 
Resume IT administrator
Resume IT administratorResume IT administrator
Resume IT administratorGnanakumar kumar
 
Topic 1.2 principle of communication in networking
Topic 1.2 principle of communication in networkingTopic 1.2 principle of communication in networking
Topic 1.2 principle of communication in networkingAtika Zaimi
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Aruba, a Hewlett Packard Enterprise company
 
Aruba Campus Wireless Networks
Aruba Campus Wireless NetworksAruba Campus Wireless Networks
Aruba Campus Wireless NetworksContent Rules, Inc.
 
Infoblox Secure DNS Solution
Infoblox Secure DNS SolutionInfoblox Secure DNS Solution
Infoblox Secure DNS SolutionSrikrupa Srivatsan
 
Guide mise en oeuvre-pfsensev2
Guide mise en oeuvre-pfsensev2Guide mise en oeuvre-pfsensev2
Guide mise en oeuvre-pfsensev2Hichem Chehida
 
A Lap Around PowerShell 3.0
A Lap Around PowerShell 3.0A Lap Around PowerShell 3.0
A Lap Around PowerShell 3.0Sarah Dutkiewicz
 

Contenu connexe

Tendances

Computer networking (nnm)
Computer networking (nnm)Computer networking (nnm)
Computer networking (nnm)nnmaurya
 
Data link control
Data link controlData link control
Data link controlIffat Anjum
 
Transmission Medium
Transmission MediumTransmission Medium
Transmission Mediumsabari Giri
 
Computer Networking Theory Assignment 1
Computer Networking Theory Assignment 1Computer Networking Theory Assignment 1
Computer Networking Theory Assignment 1Hasibul Islam Nirob
 
OSI Model - Open Systems Interconnection
OSI Model - Open Systems InterconnectionOSI Model - Open Systems Interconnection
OSI Model - Open Systems InterconnectionAdeel Rasheed
 
Internet Protocol (IP) And Different Networking Devices.
Internet Protocol (IP) And Different Networking Devices.Internet Protocol (IP) And Different Networking Devices.
Internet Protocol (IP) And Different Networking Devices.Clinton Dsouza
 
Microsoft Remote Desktop Services
Microsoft Remote Desktop ServicesMicrosoft Remote Desktop Services
Microsoft Remote Desktop ServicesRonnie Isherwood
 
Topic 1.2 principle of communication in networking
Topic 1.2 principle of communication in networkingTopic 1.2 principle of communication in networking
Topic 1.2 principle of communication in networkingAtika Zaimi
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Aruba, a Hewlett Packard Enterprise company
 

Tendances (20)

Computer networking (nnm)
Computer networking (nnm)Computer networking (nnm)
Computer networking (nnm)
 
Configuration DHCP
Configuration DHCPConfiguration DHCP
Configuration DHCP
 
Chapter08
Chapter08Chapter08
Chapter08
 
Network Topology
Network TopologyNetwork Topology
Network Topology
 
TCP/IP Introduction
TCP/IP IntroductionTCP/IP Introduction
TCP/IP Introduction
 
Data link control
Data link controlData link control
Data link control
 
Transmission Medium
Transmission MediumTransmission Medium
Transmission Medium
 
AAA Protocol
AAA ProtocolAAA Protocol
AAA Protocol
 
Computer Networking Theory Assignment 1
Computer Networking Theory Assignment 1Computer Networking Theory Assignment 1
Computer Networking Theory Assignment 1
 
OSI Model - Open Systems Interconnection
OSI Model - Open Systems InterconnectionOSI Model - Open Systems Interconnection
OSI Model - Open Systems Interconnection
 
02 protocol architecture
02 protocol architecture02 protocol architecture
02 protocol architecture
 
Internet Protocol (IP) And Different Networking Devices.
Internet Protocol (IP) And Different Networking Devices.Internet Protocol (IP) And Different Networking Devices.
Internet Protocol (IP) And Different Networking Devices.
 
Introduction to DNS
Introduction to DNSIntroduction to DNS
Introduction to DNS
 
Network Sockets
Network SocketsNetwork Sockets
Network Sockets
 
Microsoft Remote Desktop Services
Microsoft Remote Desktop ServicesMicrosoft Remote Desktop Services
Microsoft Remote Desktop Services
 
Resume IT administrator
Resume IT administratorResume IT administrator
Resume IT administrator
 
Topic 1.2 principle of communication in networking
Topic 1.2 principle of communication in networkingTopic 1.2 principle of communication in networking
Topic 1.2 principle of communication in networking
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
 
Aruba Campus Wireless Networks
Aruba Campus Wireless NetworksAruba Campus Wireless Networks
Aruba Campus Wireless Networks
 
Infoblox Secure DNS Solution
Infoblox Secure DNS SolutionInfoblox Secure DNS Solution
Infoblox Secure DNS Solution
 

En vedette

Guide mise en oeuvre-pfsensev2
Guide mise en oeuvre-pfsensev2Guide mise en oeuvre-pfsensev2
Guide mise en oeuvre-pfsensev2Hichem Chehida
 
A Lap Around PowerShell 3.0
A Lap Around PowerShell 3.0A Lap Around PowerShell 3.0
A Lap Around PowerShell 3.0Sarah Dutkiewicz
 
StarEast2013 - kanban for test teams
StarEast2013 - kanban for test teamsStarEast2013 - kanban for test teams
StarEast2013 - kanban for test teamsDerk-Jan de Grood
 
The Dark Side of Code Metrics
The Dark Side of Code MetricsThe Dark Side of Code Metrics
The Dark Side of Code MetricsDonald Belcham
 
Introduction to kanban
Introduction to kanbanIntroduction to kanban
Introduction to kanbanRobert Dempsey
 
How to Get Started with Kanban, and Why
How to Get Started with Kanban, and WhyHow to Get Started with Kanban, and Why
How to Get Started with Kanban, and WhyIngvald Skaug
 
Maersk Line's Agile Journey LESS 2012
Maersk Line's Agile Journey LESS 2012 Maersk Line's Agile Journey LESS 2012
Maersk Line's Agile Journey LESS 2012 OzlemYuce
 
Spec flow – functional testing made easy
Spec flow – functional testing made easySpec flow – functional testing made easy
Spec flow – functional testing made easyPaul Stack
 
Identifying and managing waste in software product development
Identifying and managing waste in software product developmentIdentifying and managing waste in software product development
Identifying and managing waste in software product developmentKen Power
 
Kanban 101 - 3 - Kanban Essentials
Kanban 101 - 3 - Kanban EssentialsKanban 101 - 3 - Kanban Essentials
Kanban 101 - 3 - Kanban EssentialsMichael Sahota
 
Seven Types Of Waste: Setting Priorities For Improvement Discussion
Seven Types Of Waste: Setting Priorities For Improvement DiscussionSeven Types Of Waste: Setting Priorities For Improvement Discussion
Seven Types Of Waste: Setting Priorities For Improvement DiscussionKathy McShea
 
Kanban 101 - 1 - Perfection, Waste and Value Stream Mapping
Kanban 101 - 1 - Perfection, Waste and Value Stream MappingKanban 101 - 1 - Perfection, Waste and Value Stream Mapping
Kanban 101 - 1 - Perfection, Waste and Value Stream MappingMichael Sahota
 
Alternate Hourly Lean Introduction
Alternate Hourly Lean IntroductionAlternate Hourly Lean Introduction
Alternate Hourly Lean IntroductionHarold Philbrick
 
Kanban Basics for Beginners
Kanban Basics for BeginnersKanban Basics for Beginners
Kanban Basics for BeginnersZsolt Fabok
 
Using Erlang on the RaspberryPi to interact with the physical world
Using Erlang on the RaspberryPi to interact with the physical worldUsing Erlang on the RaspberryPi to interact with the physical world
Using Erlang on the RaspberryPi to interact with the physical worldBrian Chamberlain
 

En vedette (20)

Guide mise en oeuvre-pfsensev2
Guide mise en oeuvre-pfsensev2Guide mise en oeuvre-pfsensev2
Guide mise en oeuvre-pfsensev2
 
A Lap Around PowerShell 3.0
A Lap Around PowerShell 3.0A Lap Around PowerShell 3.0
A Lap Around PowerShell 3.0
 
Kanban in sw development
Kanban in sw developmentKanban in sw development
Kanban in sw development
 
StarEast2013 - kanban for test teams
StarEast2013 - kanban for test teamsStarEast2013 - kanban for test teams
StarEast2013 - kanban for test teams
 
The Dark Side of Code Metrics
The Dark Side of Code MetricsThe Dark Side of Code Metrics
The Dark Side of Code Metrics
 
Introduction to kanban
Introduction to kanbanIntroduction to kanban
Introduction to kanban
 
How to Get Started with Kanban, and Why
How to Get Started with Kanban, and WhyHow to Get Started with Kanban, and Why
How to Get Started with Kanban, and Why
 
Maersk Line's Agile Journey LESS 2012
Maersk Line's Agile Journey LESS 2012 Maersk Line's Agile Journey LESS 2012
Maersk Line's Agile Journey LESS 2012
 
Combating entropy in business
Combating entropy in businessCombating entropy in business
Combating entropy in business
 
Mvvm basics
Mvvm basicsMvvm basics
Mvvm basics
 
Spec flow – functional testing made easy
Spec flow – functional testing made easySpec flow – functional testing made easy
Spec flow – functional testing made easy
 
Identifying and managing waste in software product development
Identifying and managing waste in software product developmentIdentifying and managing waste in software product development
Identifying and managing waste in software product development
 
Kanban 101 - 3 - Kanban Essentials
Kanban 101 - 3 - Kanban EssentialsKanban 101 - 3 - Kanban Essentials
Kanban 101 - 3 - Kanban Essentials
 
Seven Types Of Waste: Setting Priorities For Improvement Discussion
Seven Types Of Waste: Setting Priorities For Improvement DiscussionSeven Types Of Waste: Setting Priorities For Improvement Discussion
Seven Types Of Waste: Setting Priorities For Improvement Discussion
 
Scrum-ban in practice
Scrum-ban in practiceScrum-ban in practice
Scrum-ban in practice
 
Waste Elimination
Waste EliminationWaste Elimination
Waste Elimination
 
Kanban 101 - 1 - Perfection, Waste and Value Stream Mapping
Kanban 101 - 1 - Perfection, Waste and Value Stream MappingKanban 101 - 1 - Perfection, Waste and Value Stream Mapping
Kanban 101 - 1 - Perfection, Waste and Value Stream Mapping
 
Alternate Hourly Lean Introduction
Alternate Hourly Lean IntroductionAlternate Hourly Lean Introduction
Alternate Hourly Lean Introduction
 
Kanban Basics for Beginners
Kanban Basics for BeginnersKanban Basics for Beginners
Kanban Basics for Beginners
 
Using Erlang on the RaspberryPi to interact with the physical world
Using Erlang on the RaspberryPi to interact with the physical worldUsing Erlang on the RaspberryPi to interact with the physical world
Using Erlang on the RaspberryPi to interact with the physical world
 

Similaire à Transparent firewall filtering bridge - pf sense 2.0.2 by william tarrh

PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3series09
 
Configuring sonic wall__port_forwarding
Configuring sonic wall__port_forwardingConfiguring sonic wall__port_forwarding
Configuring sonic wall__port_forwardingHelmer Villarreal
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501robertguerra
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501robertguerra
 
Webinar NETGEAR - Prosafe VPN Firewall - Configurazione di NAT e Gestione del...
Webinar NETGEAR - Prosafe VPN Firewall - Configurazione di NAT e Gestione del...Webinar NETGEAR - Prosafe VPN Firewall - Configurazione di NAT e Gestione del...
Webinar NETGEAR - Prosafe VPN Firewall - Configurazione di NAT e Gestione del...Netgear Italia
 
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Ajeet Singh
 
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleWebinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleNetgear Italia
 
How to-troubleshoot-nat-related-issues
How to-troubleshoot-nat-related-issuesHow to-troubleshoot-nat-related-issues
How to-troubleshoot-nat-related-issuesMadhu Thamatam
 
FreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 serverFreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 serverTomaz Muraus
 
VPNBee firewall/VPN/load balancer from Gayatri Hitech based on OpenBSD pf
VPNBee firewall/VPN/load balancer from Gayatri Hitech based on OpenBSD pfVPNBee firewall/VPN/load balancer from Gayatri Hitech based on OpenBSD pf
VPNBee firewall/VPN/load balancer from Gayatri Hitech based on OpenBSD pfGirish Venkatachalam
 
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLEWebinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLENetgear Italia
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Web Werks Data Centers
 

Similaire à Transparent firewall filtering bridge - pf sense 2.0.2 by william tarrh (20)

PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3PFSENSE Load Balance with Fail Over From Version Beta3
PFSENSE Load Balance with Fail Over From Version Beta3
 
Bsd routers
Bsd routersBsd routers
Bsd routers
 
Configuring sonic wall__port_forwarding
Configuring sonic wall__port_forwardingConfiguring sonic wall__port_forwarding
Configuring sonic wall__port_forwarding
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501
 
Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501Installation of pfSense on Soekris 6501
Installation of pfSense on Soekris 6501
 
Webinar NETGEAR - Prosafe VPN Firewall - Configurazione di NAT e Gestione del...
Webinar NETGEAR - Prosafe VPN Firewall - Configurazione di NAT e Gestione del...Webinar NETGEAR - Prosafe VPN Firewall - Configurazione di NAT e Gestione del...
Webinar NETGEAR - Prosafe VPN Firewall - Configurazione di NAT e Gestione del...
 
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud Palo Alto Virtual firewall deployment guide on OpenStack Cloud
Palo Alto Virtual firewall deployment guide on OpenStack Cloud
 
Aruba instant iap setup rev3
Aruba instant iap setup rev3Aruba instant iap setup rev3
Aruba instant iap setup rev3
 
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità EnsembleWebinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
Webinar NETGEAR - La gestione wireless centralizzata con la modalità Ensemble
 
How to publish your NAS on the Internet?
How to publish your NAS on the Internet?How to publish your NAS on the Internet?
How to publish your NAS on the Internet?
 
How to-troubleshoot-nat-related-issues
How to-troubleshoot-nat-related-issuesHow to-troubleshoot-nat-related-issues
How to-troubleshoot-nat-related-issues
 
Dev stacklabguide
Dev stacklabguideDev stacklabguide
Dev stacklabguide
 
Devstack lab guide
Devstack lab guideDevstack lab guide
Devstack lab guide
 
Tp link error codes
Tp link error codesTp link error codes
Tp link error codes
 
3- NIC Teaming
3- NIC Teaming3- NIC Teaming
3- NIC Teaming
 
Cover test
Cover testCover test
Cover test
 
FreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 serverFreeBSD, ipfw and OpenVPN 2.1 server
FreeBSD, ipfw and OpenVPN 2.1 server
 
VPNBee firewall/VPN/load balancer from Gayatri Hitech based on OpenBSD pf
VPNBee firewall/VPN/load balancer from Gayatri Hitech based on OpenBSD pfVPNBee firewall/VPN/load balancer from Gayatri Hitech based on OpenBSD pf
VPNBee firewall/VPN/load balancer from Gayatri Hitech based on OpenBSD pf
 
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLEWebinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
Webinar NETGEAR - WiFi 11AC gestito con il controller virtuale ENSEMBLE
 
Load Balancer Device and Configurations.
Load Balancer Device and Configurations.Load Balancer Device and Configurations.
Load Balancer Device and Configurations.
 

Dernier

Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasDigicorns Technologies
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Balliameghakumariji156
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsMonica Sydney
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"growthgrids
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsMonica Sydney
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...kajalverma014
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理F
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdfMatthew Sinclair
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理F
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdfMatthew Sinclair
 

Dernier (20)

Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girlsRussian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 

Transparent firewall filtering bridge - pf sense 2.0.2 by william tarrh

  • 1. 1 Transparent Firewall/Filtering Bridge - pfSense 2.0.2 By William Tarrh Version 2 – February 6, 2013
  • 2. 2 Transparent Firewall/Filtering Bridge - pfSense 2.0.2 This “how to” is an updated version of Trendchiller’s 2007 How to Setup a transparent firewall /filtering bridge with pfSense based on pfSense 1.0-PREBETA2-BUG-VALIDATION-EDITION. My contribution to this project is documenting what has been noted by others on the pfSense forum, walking in Trendchiller’s footsteps and the submission of the document itself. Special thanks to Chris Buechler, Scott Ullrich and all of those who contribute to the pfSense Forum. I would also like to thank Dr. Jeff Rattray who helped me work through some of the kinks in this project.
  • 3. 3 Contents Hardware Requirements and Setup Page 4 Initial Setup Page 4 pfSense GUI Login Page 4 Firewall – WAN - Anti-Lockout Rule Page 4 Configure WAN Interface Page 5 Enable and Configure LAN Interface Page 5 Enable and Configure the Bridge Page 6 Enable the Filtering Bridge Page 7 Enable Manual outbound NAT rule generation (AON – Advanced Outbound NAT) Page 8 Configure Hostname, Domain, DNS servers, Time zone, and NTP time server Page 8 Reboot pfSense Firewall Page 8 Restrict Access to the Management Interface Page 9 Overview and Understanding of the Transparent Bridge Page 11
  • 4. 4 1. Hardware Requirements and Setup a. Two compatible NIC’s for the LAN and WAN interfaces. pfSense Hardware Compatibility 2. Initial Setup a. Upon completing a fresh installation of pfSense a restart will be required. After the first reboot you will be greeted with “Do you want to set up VLANs now [y|n]?” Select “No”. b. Next you will be requested to select your WAN interface or select ‘a’ for auto detection. Select your desired WAN interface card from the list. Next you will be asked to select your LAN interface card. Press “Enter”, we will configure this interface later. c. At the welcome screen only setup the WAN interface. Assign this adapter a static address or use the assigned DHCP address; we will use this address to configure the firewall from this point on. 3. pfSense GUI Login a. Open a browser window and enter the IP address assigned to the pfSense WAN interface. The default username and password are admin and pfsense. 4. Firewall – WAN - Anti-Lockout Rule a. First, let’s be sure not to get locked out of the WAN interface by setting up our own temporary “anti-lockout” rule. Navigate to “Firewall” -> “Rules”. By default the “Anti- Lockout” rule is applied to the WAN interface as seen below. As soon as the LAN interface is enabled this “Anti-Lockout” rule will be migrated automatically to the LAN interface.
  • 5. 5 b. To create a new rule, select the ‘+’ on the bottom right-hand corner. This will take you to the Rules: Edit page. In the “Rules: Edit” create a rule that resembles the screen shot below. The rule below will allow all traffic to access the WAN interface. Keep in mind this is a temporary rule. Select “Save” and then “Apply Changes”. 5. Configure WAN Interface a. Navigate to “Interfaces” -> “WAN” and scroll down to “Static IP configuration”. In the “Gateway” field select “add a new one” and enter your Gateway. b. Navigate to “System” -> “General Setup”; add your hostname, Domain and DNS Servers. To the right of your DNS servers select your Gateway from the dropdown menus. 6. Enable and Configure LAN Interface a. Navigate to “Interfaces” -> “(assign)”. Select the ‘+’ and then select your “LAN” interface. Now select “Save” and then “Apply Changes”.
  • 6. 6 Navigate to “Interfaces” -> “LAN”. In General configuration check the “Enable Interface” box. The screen will auto populate. Be sure that Type is set to “None”. “Save” and “Apply Changes”. 7. Enable and Configure the Bridge a. Now that our LAN and WAN interfaces are enabled and configured we can create the Bridge. Navigate to “Interfaces -> (assign)” from the menu and then select the “Bridges” tab to the far right. Select the ‘+’ to navigate to “Bridge:Edit”. b. In “Bridge: Edit” hold the “Ctrl” key on your keyboard and select the “WAN” and “LAN” so they are both highlighted. Assign your Bridge a name in the “Description” field. Select “Save” and then “Apply Changes”.
  • 7. 7 c. Navigate to “Interfaces” -> “OPT1”. In General configuration check the “Enable Interface” box. The screen will auto populate. You can also change the interface description at this point, I have changed mine from “OPT1” to “Bridge”. Be sure that Type is set to “None”. “Save” and “Apply Changes”. 8. Enable the Filtering Bridge a. In the menu navigate to “System -> Advanced” and select the “System Tunables” tab. b. Locate the “net.link.bridge.pfil_bridge” in the “Tunable Name” column and double-click it. c. In the “Value” field change this from “Default” to “1”. Select “Save” and “Apply Changes”.
  • 8. 8 9. Enable Manual outbound NAT rule generation (AON – Advanced Outbound NAT) a. From the menu select “Firewall -> NAT” and the “Outbound” tab. b. Click “Manual outbound NAT rule generation (AON – Advanced Outbound NAT)” and select “Save”. Delete any rules that auto-populate in the mappings area. 10. Configure Hostname, Domain, DNS servers, Time zone, and NTP time server. a. From the menu select “System” -> “General Setup”. b. Most fields can be left default but be sure to configure your DNS server and NTP time server. 11. Reboot pfSense Firewall a. In order to fully apply all changes reboot your pfSense firewall by going to “Diagnostics -> Reboot”. In this menu select “Yes”.
  • 9. 9 12. Restrict Access to the Management Interface a. This documentation was taken from doc.pfsens.org, I found it to be very helpful. I configured the access restrictions on the LAN and WAN interfaces. http://doc.pfsense.org/index.php/Restrict_access_to_management_interface If you use a restrictive ruleset on your LAN, make sure it permits access to the web interface before continuing. Now disable the anti-lockout rule by going to the System -> Advanced page and checking the "Disable webGUI anti-lockout rule" box. Click Save and the rule will be removed.
  • 10. 10 Now I suggest adding a network alias for management access, and if you use both web and SSH administration, add an alias for those ports. Now add a firewall rule allowing the sources defined in your management alias to the destination LAN address, with the port used or alias created for those using multiple ports. Make sure this rule comes first in the list. Then add a rule based on that rule (the + next to the rule), changing action to block or reject (I prefer reject on internal networks), source to any, and destination the same. When finished your ruleset should look like the following. Apply your changes and your management interface is now restricted to only the defined hosts.
  • 11. 11 13. Overview and Understanding of the Transparent Bridge I use the WAN as the management interface because I was unable to reach anything external, obtain updates or browse packages when the LAN or Bridge was configured as the management interface. Treat the LAN and WAN interfaces as you would a standard firewall, keep in mind that the default action in the transparent bridge is to block all traffic unless explicitly allowed in the firewall. You will only need to setup rules on the LAN and WAN, I have yet to touch the Bridge. Generally a standard firewall will allow the LAN to ANY by default; allowing anything on the LAN outbound. In this transparent bridge scenario you MUST create a rule to allow your LAN outbound. As stated above the default behavior of the transparent bridge is to block unless explicitly allowed. Cheers!