At a loss - Trying to set up a Transparent Filtering bridge

Started by domidam, July 10, 2024, 09:52:28 PM

Hi there,

I am trying to set up a transparent filtering bridge on my home network. My topology is as follows: Modem -> Firewall -> Router.

After much frustration and confusion, I set up a dedicated MGMT port, with a small DHCP pool of about 10 addresses and a static IP of 192.168.1.2. While I would like to be able to access the firewall from my LAN through the MGMT port, it suffices for now and I can configure everything as I need to. The issue I am having is that even after I double-checked that I followed OPNsense's documentation on the subject correctly, I am not able to communicate with the outside internet. WAN and LAN are both there, and the bridge is there and enabled. I believe I set the firewall rules correctly on all three interfaces, but still, no dice. When I connect everything up, my router displays an error saying that my "ISPs DHCP Service isn't working". My hunch is that I missed something in the configuration of the firewall that prevents the passthrough of the necessary DHCP data to my router, or that due to my model of router (ASUS RX-AT82U v2) I need to put the router into a different mode for the bridge to work properly. However, both of these are just guesses. I have attached some pictures of my settings to see if anyone can spot anything... Thank you in advance!

https://imgur.com/a/h059gW2

I had to use Imgur because the attachments were too large.

Hey, I can help. Here is what I understand:

[Modem]
[Layer2 Firewall] ("bridge mode")   ==> additional Management interface on LAN subnet
[Router] (might be wireless router)
[LAN]

The router is set to DHCP.
You are able to manage the firewall from the LAN.
You are able to manage the router from the LAN.

Issue: router fails to get WAN IP via DHCP from the ISP

Troubleshooting 1: set the Router WAN IP with the static IP address to take DHCP out of play. Does it work?
Troubleshooting 2: make sure NAT rules disabled, DHCP service, allow firewall rule added on OPNsense (see docs for the full list)

I have not deployed OPNsense as a L2 firewall ("transparent bridge") yet. I have reviewed https://docs.opnsense.org/manual/how-tos/transparent_bridge.html and will try it in my lab today.

Sorry I don't have good news for you.

I tried reproducing the tutorial instructions at https://docs.opnsense.org/manual/how-tos/transparent_bridge.html without success.

DHCP didn't work. Not even using static IP address (matching what I would have got over the bridge) worked.

There are some oddities in that document. I compared it to: https://docs.opnsense.org/manual/how-tos/lan_bridge.html

You might try that second How-To.

I will try to revisit this tomorrow. You can follow my steps to reproduce the issue at this repo: https://github.com/doritoes/NUC-Labs/blob/XCP-ng/XCP-ng/Appendix-L2_Firewall.md

EDIT: See also https://community.spiceworks.com/t/opnsense-transparent-bridge-between-isp-and-fortigate/946090/8