I am making this form to get some guidance. I've tried for quite a while, following official and even unofficial guides on how to set up a transparent firewall.
However, when I try testing my firewall by trying to block all internet access by making a firewall rule on my bridge interface, it does not block.
I was first running OPNsense in a virtual machine. I thought that was the problem, so I installed it on a separate system; however, it still does not work.
It's like OPNsense is just bridging my WAN and LAN together without inspecting traffic.
My setup is like this:
ISP router (Bridge mode) -> OPNsense firewall -> Home Google WiFi router.
If I don't put it in the "transparent firewall mode" or whatever you actually call it, it works. However, I then have a problem: double NAT.
So is there any way that I could use OPNsense with my existing router, just making OPNsense act as a firewall and nothing else?
How does your Google WiFi router connect to the Internet? PPPoE? Even if it's DHCP it will probably do NAT, right?
So how is OPNsense supposed to filter anything if in the PPPoE case it can see nothing, only a single PPPoE data stream, or in the DHCP case only the external IP address of the Google router?
A transparent filtering bridge belongs between your Google router and your internal switch.
And also, if your ISP modem is in bridge mode, you don't have double NAT.
As other people have mentioned, it's hard to guess without knowing your exact configuration and topology. Can you share with us a network diagram and/or screenshots of the current configuration (sans sensitive information of course)? Having a router behind a firewall does not necessarily mean that you have to NAT something on the firewall itself so you can avoid double NAT if the ONT is in bridge mode as you stated.
Conversely, you might want the OPNsense firewall to also act as the main router and set up the Google mesh in AP/bridge mode. This would entail configuring the client side (PPPoE client, DHCP client, static IP, whatever your provider offers) on the OPNsense device. I've successfully had TP-Link Decos behind an OPNsense firewall sitting on an industrial 4-port Ethernet mini-PC and it worked perfectly.