OPNSense Transparent bridge PPPoE between ISP and router

[St0nE]

I'm trying to make an OPNsense connection diagram based on the attached image.
When creating a transparent bridge, there is a PPPoE connection to the ISP and
the Internet works on OPNsense, but I can't configure the section between Opnsense and the router.
The goal is to filter traffic between ISP and router.
Please tell me what settings need to be made between OPNsense and router.
What settings do I need to make in the firewall rules on OPNsense Transparent Bridge and router?
And is this scheme working?
Thank you for your answers.

[dseven]

It's not clear (to me) what you're trying to accomplish. What is the purpose of the router?

[St0nE]

Basically, router authorizes Active Directory users and regulates internet access based on user name, not IP.  Unfortunately, OPNsense does not know how to do this yet.

[St0nE]

And I want to install OPNsense to filter IDS/IPS traffic to router, since router does not know how to do this.

[dseven]

OK, so.... if OPNsense is doing PPPoE, it has to be acting as a router, not a transparent bridge. If PPPoE is on the router behind OPNsense, OPNsense could be a bridge, but it wouldn't "see" the traffic that you want to inspect/filter - it would only see PPPoE encapsulated traffic.

If you want to use OPNsense as a transparent bridge, I think it would have to be on the LAN side of the router, and the router would do PPPoE.

Alternatively you could do the double-NAT thing........

[St0nE]

Thanks for the answer! It's just that the Transparent bridge setup has a choice of IP, DHCP and PPPoE, so I thought it was possible to implement a similar scheme.
Apparently it really won't work. Thanks again for the reply.

[EricPerl]

I just setup a transparent filtering bridge.
It's my introduction to OPNsense so beware...

I didn't even give an IP configuration to my bridge.
As I understand it, it just shoves packets received on one side to the other, apart from the ones that it filters.
A nice consequence of all this is that adding/removing it is just about moving couple cables around.

Anyway, even in the absence of PPPoE, inserting the bridge on the WAN side of your router also means it only sees NAT traffic. It makes it painful (at best) to find where the traffic is coming from on your LAN.

Personally, per various guides, I inserted mine between my router and my main switch.
All internet traffic goes through, as does inter-VLAN, and a few other things handled by the router (e.g. DHCP).
I ended up moving my inter-VLAN controls to OPNsense, mostly because my router's rule enforcement subsystem provides no logging whatsoever.

HTH