XG Home, transparent/bridge mode, I can't seem to get it to work.

Hi all,

I'm trying to deploy XG Home on my double NIC server. I want to use bridge mode, because I have a third party firewall, which also acts as a DHCP server.

I would like to:

Internet <> Firewall <> XG <> internal LAN.

Installation of XG went OK, I can select bridge mode, bridge the two NICs, but after installation finishes, the NICs only have one IP (should they?), and I'm not able to access the XG GUI on that IP and port 4444.

A PC I connect on the LAN interface side of the XG does not receive an IP address. Another PC placed in the same network as the LAN side of the firewall and the WAN side of the XG also cannot access the XG GUI.

What am I missing here?

Thanks!



  • Hello Poly,

    Thank you for contacting the Sophos Community!

    If you bridged LAN and WAN together in your two ports, then you will only see one IP after it becomes a bridge. 

    I would recommend you to start and try to Console into the XG and do a TCPdump to see if you are seeing traffic arriving at the XG. 

    Regards,

  • Hi emmo,

    Thanks for your reply. Traffic is now passing through, I have made an any-any-allow rule, and I have bridged the two ports and joined them into the same group. But how do I access the GUI now? When I try the IP of the bridge, port 4444, it times out.

  • Hello Poly,

    Thank you for the follow-up!

    So after you created the Firewall rules you aren’t able to access the GUI anymore?

    Can you console or SSH into the XG and, from the advanced shell, run the following command:

    tcpdump -eni any port 4444

    Then try to access the GUI, and let me know if you see packets arriving at the XG on the IP address of the bridge.

    Regards
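
Added example (not part of the original thread and not Sophos code): a helper that summarises the text output of the tcpdump step suggested above, per client, as SYNs sent to the GUI port (4444, as stated in the question) versus SYN-ACKs sent back, which separates "packets never arrive" from "packets arrive but nothing answers". The function names, addresses and capture lines are constructed, and the line layout is assumed to match classic Linux tcpdump text output.

```shell
#!/bin/sh
# Per client: SYNs sent to the GUI port vs SYN-ACKs sent back by the firewall.
# Assumes classic tcpdump text lines: "... SRC.PORT > DST.PORT: Flags [..], ..."

gui_syn_summary() {
    port="${1:-4444}"
    awk -v port="$port" '
    {
        # Find the "src > dst:" triple; -e link-layer fields shift its position.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        flags = ""
        for (j = i + 2; j < NF; j++) if ($j == "Flags") { flags = $(j + 1); break }
        # Split "host.port" on the last dot.
        shost = src; sub(/\.[0-9]+$/, "", shost); sport = src; sub(/.*\./, "", sport)
        dhost = dst; sub(/\.[0-9]+$/, "", dhost); dport = dst; sub(/.*\./, "", dport)
        if (dport == port && flags == "[S],")  syn[shost]++      # client SYN
        if (sport == port && flags == "[S.],") synack[dhost]++   # firewall SYN-ACK
    }
    END {
        for (h in syn) {
            a = synack[h] + 0
            printf "%s syn=%d synack=%d %s\n", h, syn[h], a, (a > 0 ? "answered" : "no-reply")
        }
    }' | sort
}

# Constructed capture: 192.168.1.2 stands in for the bridge IP (an assumption).
sample_capture() {
    cat <<'EOF'
10:15:01.100000  In 00:0c:29:aa:bb:01 ethertype IPv4 (0x0800), length 76: 192.168.1.50.51234 > 192.168.1.2.4444: Flags [S], seq 100, win 64240, length 0
10:15:01.100200 Out 00:0c:29:cc:dd:02 ethertype IPv4 (0x0800), length 76: 192.168.1.2.4444 > 192.168.1.50.51234: Flags [S.], seq 900, ack 101, win 65160, length 0
10:15:01.100900  In 00:0c:29:aa:bb:01 ethertype IPv4 (0x0800), length 68: 192.168.1.50.51234 > 192.168.1.2.4444: Flags [.], ack 1, win 502, length 0
10:15:07.000000  In 00:0c:29:ee:ff:03 ethertype IPv4 (0x0800), length 76: 192.168.1.60.40000 > 192.168.1.2.4444: Flags [S], seq 500, win 64240, length 0
10:15:08.000000  In 00:0c:29:ee:ff:03 ethertype IPv4 (0x0800), length 76: 192.168.1.60.40000 > 192.168.1.2.4444: Flags [S], seq 500, win 64240, length 0
10:15:10.000000  In 00:0c:29:ee:ff:03 ethertype IPv4 (0x0800), length 76: 192.168.1.60.40000 > 192.168.1.2.4444: Flags [S], seq 500, win 64240, length 0
EOF
}

sample_capture | gui_syn_summary 4444
```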

  • Hi emmo,

    I see incoming packets. If I place a PC after the bridge I can't access the GUI from that PC, like so:

    Internet <> XG <> PC

    If I place a PC in front of the XG, with a switch, I can access the GUI from the PC, like:

    Internet <> Switch <> XG

                             |

                           PC

    Sorry for my crappy ASCII art ;)

    So everything behind the XG seems to be blocked, even though there is an any-any rule on the firewall.

    - Both ports of the bridge are in the LAN zone. Does that make a difference, LAN zone or WAN zone?

    - On the bridge interface, I haven't enabled 'Enable routing on this bridge pair', should I?

    Thanks again.

  • Within the bridge, XG still keeps the zone concept. This means that both ports have a relationship to LAN or WAN. Basically, the standard setup does not allow access from the WAN port, which means you cannot access it from there.

    Routing should be enabled if you have different subnets going across this bridge.