Bridging will disable the firewall and DHCP on the modem; this should be expected.
If it works, then you’re using it just fine. I have my DMZ hosts like that on
a separate network on OPT1 with their own IP range and 1:1 NAT rules. It feels
more segregated that way to me than the bridging firewall scenario. That would
be my inclination on firewall best practices and least privilege blah blah blah.
ED.
> On 2015, Mar 6, at 4:16 PM, Tim Hogan <[email protected]> wrote:
>
> I am looking for some advice from the group about the best way to put pfSense
> in my environment so that it can filter all traffic. The cable provider that
> I use has given me a /29 of static IP addresses and one of those addresses is
> assigned to the cable modem. When I asked about putting the modem into
> bridging mode I found out that their idea of bridging is to disable the
> firewall and DHCP service on the modem. So this is what I have come up with
> so far.
>
> Cable Modem: 70.70.70.94
> pfSense WAN: 70.70.70.93 (also my NAT address for the LAN)
> pfSense LAN: 10.100.100.1/24
> pfSense OPT1: bridged to WAN interface, no IP address
>
> The OPT1 interface is connected to a switch that has the other devices with
> the remaining IP addresses in the 70.70.70.89/29 space and I have the firewall
> rules for this space on the WAN interface. It seems to work but I am
> wondering if I am using the bridging feature correctly. Any thoughts?
>
> Thanks,
> Tim
>
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold