Tutorials and FAQs / Re: Building a Transparent Bridge Filter with OPNsense
« on: November 07, 2024, 01:24:28 pm »
Coming from someone who started on OPNsense with a transparent filtering bridge a few weeks back:
Neither of the guides makes recommendations with regard to physical implementation on the existing network, specifically in relationship with an existing router.
The OPN guide disables bogons/privates on the WAN side, merely implying the bridge is within a private network.
This guide says nothing about bogons/privates BTW.
In https://github.com/opnsense/docs/issues/614, the author has it between modem and router, which could actually explain why he has issues accessing the bridge (presumably from the LAN side of the router) depending on the IP used on the management interface. Step 4 in the OPN guide is light on details for noobs.
With a 3rd physical interface used for management, it's my understanding that the bridge could be accessed more naturally from the LAN side.
Another guide I found when I started mentioned that a big drawback of using the bridge on the WAN side of the router meant it would only be exposed to NAT traffic from the main LAN, making correlation to LAN traffic painful at best. That made sense to me.
The suggestion of a dedicated third physical interface for management appears to be a logical solution, as it would allow more direct access from the LAN side without NAT restrictions.
Another important point you raised is about exposing the bridge to NAT traffic when placed on the WAN side of the router—a configuration that can complicate detailed LAN traffic analysis and monitoring. This reinforces the need for an implementation where LAN traffic can be easily correlated, perhaps making it more practical to place the bridge on the internal network side.
This could provide good feedback. If there’s a practical effect, we can improve this how-to further.