OPNsense Transparent Filtering Bridge (v26.1)

In this guide, I will be configuring OPNsense in a transparent bridge configuration for OPNsense 26.1. When OPNsense is configured as a transparent filtering bridge, you are using OPNsense only as a firewall instead of a router and a firewall.

Once the transparent filtering bridge is configured, you can insert it in between any two wired devices on your network: between the modem and router, between the router and network switch, or between the network switch and a server. Essentially you can put it anywhere you desire a dedicated firewall appliance.

In this example, I will be placing the transparent filtering bridge between the router and the core/aggregation switch for my home network. This will give me more internal network visibility than placing it between the modem and router.

However, one downside is that the filtering bridge can be detrimental to throughput if you are using a lower powered hardware. For instance, I am using the Gowin R86S-G4 which has the Intel N6005 CPU. Performance for routing across VLANs dropped from 9.4 Gbps (full 10 Gbps throughput) to about 7.5-8 Gbps. The performance drop is not a dealbreaker for me because I don't route a lot of fully saturated 10 Gbps traffic through the firewall since I have a dedicated backend 10 Gbps VLAN used for most of my high bandwidth NAS traffic. Even if I did route all the NAS traffic through the firewall, I am typically capped between 2.5-3.5 Gbps since I'm using traditional 3.5" hard disks for my bulk storage.

For a written version, please visit my website: https://homenetworkguy.com/how-to/configure-opnsense-transparent-filtering-bridge/

Chapters:

02:34 Connecting PC to MGMT interface
02:45 Setting up the OPNsense transparent filtering bridge
03:46 Change LAN to be MGMT
05:22 Configure gateway for MGMT
06:29 Note about DNS configuration
07:41 Firewall rules for MGMT interface
11:55 Configure interfaces to be used in bridge
13:59 Disable outbound NAT
14:23 Update system tunables
15:49 Create the bridge interface
17:03 Create firewall rule for the bridge
18:25 Disable DHCP on MGMT interface
19:22 Connect transparent filtering bridge to main network
20:10 Testing updating OPNsense
21:19 Optional: install plugins
22:34 Testing access on filtering bridge
22:58 Speed test
23:46 Testing a firewall block on bridge

EP97

Join this channel to get access to perks:
https://www.youtube.com/channel/UCvdHQkQv8KpwMnKkitmUVTQ/join

Видео OPNsense Transparent Filtering Bridge (v26.1) канала Home Network Guy