Title: Transparent firewall - VLANs with public IP ranges?
Post by: TheLinuxGuy on December 30, 2016, 01:18:47 pm

I have been a pfSense user for 3 years (and have the pfSense book). I recently became aware of OPNsense and noticed there's been a lot of effort put into this fork of pfSense, so I wanted to come here and ask if I can get some direction and help on my upcoming project, where I will need an open source solution.

The book doesn't really talk about how to make your pfSense firewall transparent and allow public IP VLANs. There is some documentation (a PDF from someone 4 years ago here: https://forum.pfsense.org/index.php?topic=50711.0).

I don't know if anyone (maybe the developers of OPNsense) has a similar setup to what I will need to set up (see attached diagram).

There is a dumb layer 2 switch that can segregate ports by 802.1q tags. Basically, the goal of what I would like to do, possibly by running OPNsense, is to have a seamless/transparent firewall mode, with the ability to allow all network ports and services (at first) and later allow me to lock down ports/services on a per-VLAN basis.

I think this could be easily done with 'rules'. I am guessing the default rule is to block all traffic unless explicitly allowed? I am not sure how to make the firewall transparent if I have a rule allowing any to all for that VLAN and later add "deny" rules on top...

Would OPNsense be a better option for me? Is there a better option, or has someone done this with OPNsense before? Basically it will be the firewall protecting a small datacenter.
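The rule-ordering question raised above (allow-all per VLAN first, deny rules added later) comes down to how pf evaluates a rule list. The following is an added example, written here to illustrate the point; it is not code from the forum post, from OPNsense or from pfSense. It assumes classic pf semantics (rules read top to bottom, a `quick` rule ends evaluation on its first match, otherwise the last matching rule wins), assumes the GUI-created rules in OPNsense/pfSense carry `quick` so first match wins, and assumes a default policy of block when nothing matches. The interface names `vlan10`, `vlan20`, `vlan30` and the sample telnet/HTTPS packets are constructed for illustration.

```python
"""Minimal pf-style rule evaluator (added example, not from the forum post).

Assumptions made here:
  * Rules are read top to bottom. A rule marked quick ends evaluation on
    match; a non-quick rule only records a provisional verdict and the LAST
    non-quick match wins (classic pf semantics).
  * OPNsense/pfSense GUI rules are created with quick set, so first match wins.
  * Default policy when nothing matches is block.
  * Interface names vlan10/vlan20/vlan30 and the sample packets are constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    iface: Optional[str] = None    # None matches any interface
    proto: Optional[str] = None    # "tcp", "udp", or None for any protocol
    dport: Optional[int] = None    # destination port, None for any port
    quick: bool = True             # GUI default assumed in this example

    def matches(self, pkt: dict) -> bool:
        return ((self.iface is None or self.iface == pkt["iface"])
                and (self.proto is None or self.proto == pkt["proto"])
                and (self.dport is None or self.dport == pkt["dport"]))


def evaluate(rules: list, pkt: dict, default: str = "block") -> str:
    """Return the action pf would take on pkt under the given rule list."""
    verdict = default
    for rule in rules:
        if not rule.matches(pkt):
            continue
        if rule.quick:
            return rule.action       # first quick match ends evaluation
        verdict = rule.action        # non-quick: last match wins
    return verdict


def pkt(iface: str, proto: str, dport: int) -> dict:
    return {"iface": iface, "proto": proto, "dport": dport}


# Stage 1 of the plan: allow everything on each public VLAN.
OPEN_RULES = [
    Rule("pass", iface="vlan10"),
    Rule("pass", iface="vlan20"),
]

# Stage 2: lock down telnet on vlan20. With quick rules the block must sit
# ABOVE the per-VLAN pass-all rule, otherwise it is never reached.
LOCKED_DOWN_RULES = [
    Rule("pass", iface="vlan10"),
    Rule("block", iface="vlan20", proto="tcp", dport=23),
    Rule("pass", iface="vlan20"),
]

# Common mistake: appending the deny rule below the pass-all rule.
MISORDERED_RULES = [
    Rule("pass", iface="vlan10"),
    Rule("pass", iface="vlan20"),
    Rule("block", iface="vlan20", proto="tcp", dport=23),
]

# Same order without quick (classic pf): last match wins, so the block works.
NONQUICK_RULES = [
    Rule("pass", iface="vlan10", quick=False),
    Rule("pass", iface="vlan20", quick=False),
    Rule("block", iface="vlan20", proto="tcp", dport=23, quick=False),
]


def demo() -> dict:
    telnet20 = pkt("vlan20", "tcp", 23)
    https20 = pkt("vlan20", "tcp", 443)
    telnet10 = pkt("vlan10", "tcp", 23)
    unknown = pkt("vlan30", "tcp", 443)
    return {
        "open_telnet20": evaluate(OPEN_RULES, telnet20),              # pass
        "locked_telnet20": evaluate(LOCKED_DOWN_RULES, telnet20),     # block
        "locked_https20": evaluate(LOCKED_DOWN_RULES, https20),       # pass
        "locked_telnet10": evaluate(LOCKED_DOWN_RULES, telnet10),     # pass
        "misordered_telnet20": evaluate(MISORDERED_RULES, telnet20),  # pass
        "nonquick_telnet20": evaluate(NONQUICK_RULES, telnet20),      # block
        "unmatched_vlan30": evaluate(LOCKED_DOWN_RULES, unknown),     # block
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22s} -> {verdict}")
```

The `misordered_telnet20` case is the one to watch when tightening a per-VLAN allow-all later: under first-match evaluation the deny rule has to be placed above the pass-all rule for that VLAN, and a packet on an interface with no matching rule (`vlan30`) falls through to the default block.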