Could This Be The Reason?

Started by timlab55, December 08, 2025, 02:06:28 PM

I've been trying to set up an OPNsense transparent bridge for almost a month now (spent over 60 hours). I've been following The Network Guy. I do exactly what he does in the video. When I get to the part where we're almost ready to put the bridge up and going to hit Change (something), I lose everything. Even my maintenance can't get back in. Therefore, I have to start all over again. Last night I was messing with my router (RT-BE86U) and came to realize that it has AiProtection on it, including Two-Way IPS, Malicious Sites Blocking, Infected Device Prevention, and Blocking. Would this prevent me from running the Bridge completely? If so, is there a workaround?
Thanks

December 08, 2025, 02:45:30 PM #1 Last Edit: Today at 12:44:15 AM by meyergru
IDK, because "AI" can mean anything, so, probably, yes, it may prevent you from running "anything", too.

BTW: Do you still love your router?

IMHO, using a router on top of another is a bad thing (tm) in the first place. Having one of these routers do unspecified magic "might" make it even harder. Once you throw an unknown variable in the mix (i.e. your first router), you will not get much helpful advice with the other (OPNsense).
Even less so when you use a non-typical setup like a transparent bridge.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Transparent bridge is not a supported or recommended setup for OPNsense - or any other router, for that matter.

It is what you do when you cannot do anything else.

December 08, 2025, 03:12:46 PM #3 Last Edit: December 08, 2025, 03:34:05 PM by Monviech (Cedrik)
It eludes me why so many (new) users choose the transparent filtering bridge setup. It is quite advanced, and the benefits are simply not applicable for small home setups.

I would strongly advise against it, or read my updated guide on it to learn more about the scope of that decision:

https://github.com/opnsense/docs/blob/master/source/manual/how-tos/transparent_bridge.rst

Hardware:
DEC740

Quote from: timlab55 on December 08, 2025, 02:06:28 PM
[...] Even my maintenance can't get back in. [...]

How are you physically connected? (I couldn't determine this offhand from your earlier posts.) I do not use transparent bridging; I use four non-transparent bridges, and I have ~6 physical ports - likely not comparable. I just wouldn't expect an external device to play a role in workstation-to-firewall communication. Are you using the Asus as a LAN distribution device?

Why not set up your bridge as non-transparent (i.e. assign an IP to it)? At least initially; if you have the burning desire to remove it, you can.

I'm an oddball here in that I like bridging. It fits my Internet link, and it has certain flexibility that I value (enough to put up with the disadvantages).

Quote from: Monviech (Cedrik) on December 08, 2025, 03:12:46 PM
It eludes me why so many (new) users choose the transparent filtering bridge setup.

Because YouTube sold it as an easy/fun project and a way to add network security via a black box that you plug and play and not touch a single thing on your existing router.  Also, a travel companion to keep you safe when using hotel internet.

Whether those claims are true or not is beyond me.  I haven't used Suricata but I have heard of the many false alarms it raises.

Adding the magic security device [1] to your network will improve security. Of course.

Might contain traces of sarcasm.

[1] https://www.ranum.com/security/computer_security/papers/a1-firewall/index.html
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

No, Patrick, just no. That device is not at all transparent, which is a huge difference.

Should I add a new point "About Home Network Guy's and others' YouTube videos and why to avoid transparent bridges in general" to the READ ME FIRST article? Up to this point, I avoided changing the order because of the many references, but this one should probably be way up.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

The issue with a readme is that people do not read a readme in general. And if it's too long it's TL;DR, so even fewer people even attempt to give it a go.

Better keep it as short and concise as possible, like e.g. the rules of the internet. xD
Hardware:
DEC740