Transparent Bridge mode

Started by ldanna1945, July 30, 2024, 05:31:34 PM

I've set up the OPNsense as a transparent bridge. It seems to be working but I cannot access the OPNsense GUI.
Instructions said to remove the IP addresses of the WAN and LAN. Did that. I see on the console the bridge has an address of 192.168.1.180, which I believe it got from the router. I cannot ping that address nor can I access the GUI. Any ideas of where to look? Since I cannot access the GUI, I will need to make changes via the CLI.

Another question. I've rearranged the OPNsense to be between my modem and my router. Since it is supposed to be transparent now it works. I can reach the internet fine. The same problem: how do I access the web GUI? My goal is to not have to use OPNsense as a router but to be in the middle and to set up for AV and ADD protection. Since the OPNsense has no IP address, how can it receive updates? It has only 2 working NICs, so configuring another NIC for management is not an option. Am I up the creek and have to go back to an OPNsense router configuration?

Any ideas?


Larry

Trying to access the OPNsense web GUI in transparent bridge mode. Connections are as follows.
WAN connection from modem to WAN connection on OPNsense 1x1. The LAN connection 1x0 on OPNsense to the WAN in on the router. LAN out from router to a switch. My computer is connected to the switch. Access to internet works at this point, indicating the bridge is working.
I connected the third NIC on OPNsense 1x2 to the switch and configured the connection in OPNsense via serial CLI to be configured via DHCP.
OPNsense got an address of 192.168.1.168 from the router. My computer has an address of 192.168.1.166. Ping to internet is successful. Ping to 1x2 address 192.168.1.168 failed and I cannot access the web GUI.

So what am I doing wrong, or is there another configuration I should try?

Thanks

Larry

You are missing a firewall rule on that third NIC that allows access, probably.

You can on the console disable the firewall and test if that "fixes" things, then create the rule from the UI.

pfctl -d # globally disable firewall

HTH,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thanks Patrick,
that got me to the web GUI.
If I reinstate the firewall rules I get dumped until I run the command to stop the firewall.
What are the best ways to enable firewall rules in transparent bridge mode?

August 06, 2024, 08:38:55 PM #5 Last Edit: August 06, 2024, 08:41:14 PM by Patrick M. Hausen
I don't know, I don't run transparent bridge mode.

I suggest starting with an "allow any any" rule on that management interface (OPT1?) as a start.

Then to proceed further - you should know. You decided to implement this rather unusual setup ;)
A firewall is a policy enforcement device. You need a policy first.

Quote from: ldanna1945 on August 05, 2024, 07:46:07 PM
Trying to access the OPNsense web GUI in transparent bridge mode. Connections are as follows.
WAN connection from modem to WAN connection on OPNsense 1x1. The LAN connection 1x0 on OPNsense to the WAN in on the router. LAN out from router to a switch. My computer is connected to the switch. Access to internet works at this point, indicating the bridge is working.
I connected the third NIC on OPNsense 1x2 to the switch and configured the connection in OPNsense via serial CLI to be configured via DHCP.
OPNsense got an address of 192.168.1.168 from the router. My computer has an address of 192.168.1.166. Ping to internet is successful. Ping to 1x2 address 192.168.1.168 failed and I cannot access the web GUI.

So what am I doing wrong, or is there another configuration I should try?

Thanks

Larry

Use the OPNsense LAN as the management interface, i.e. connect it to the switch. Connect the extra third NIC to the router WAN. Bridge the OPNsense WAN and the third NIC (OPT1). Do it exactly as described here.

https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-transparent-filtering-bridge-on-opnsense

It works.