Transparent Filtering Bridge / emails stop working

[gonzo]

Hi :)

We are trying to setup OPNSense as Transparent Filtering Bridge and we have faced some issues.

I was following this guide https://wiki.opnsense.org/manual/how-tos/transparent_bridge.html. The configuration I did seems is matching the guide but if we put the firewall to production then emails and online storage services stop working for users. There are "Allow all" rules on all interfaces, so I'm not sure why these things stop working.
Since we don't have testing environment setup options and we are working with productions servers we can't afford any more failures. So, we would be appreciated if you could assist us to solve this issue.

gonzo

[bartjsmit]

Hi gonzo,

Sorry, but if you have a production environment where users lose the organisation time and money if they cannot access external resources, you really only have two options:

- Perform your change out of production hours with a clear deadline for roll-back
- Create a route to live, with a testing/development and optionally a user acceptance environment

Unless you have a whole heap of diagnostics information (logs, packet traces, comprehensive tests) there will be a nearly insurmountable problem with planning another migration.

Bart...

[gonzo]

Hi :)

What you wrote is obvious, but that's not what I've been waiting for, because that's what I know.

The question is: why does email not work ?

gonzo

[slackadelic]

Have you tried a tcpdump capture on the inside and outside interfaces of the firewall to try and determine where the traffic stops flowing?