How to route all traffic to a dedicated Hardware Firewall?

Hi, I have looked through the site and not found much on this.

Setup: 1 x OpenWRT Router, 1 x pfSense Server with 2 x NIC`s

My question; I want to route all traffic from LAN and Wifi on the OpenWRT Router through my pfSense Server, have it analyse, then pass back into the OpenWRT Router and out to the Internet.

Basically im trying to find a way to increase my Secuirty by passing all data coming into and going out of my OpenWRT Router through a dedicated Hardware Firewall. I do have a second OpenWRT Router at hand if needed.

Any help appreciated.

Options:

  • LAN <-> OpenWrt <-> pfSense <-> ISP
  • LAN <-> Switch/AP <-> pfSense <-> OpenWrt <-> ISP

See also:

2 Likes

Why do you think this will be more secure? What are you expecting to be able to achieve with pfSense that you can't do with OpenWrt?

2 Likes

The list is long what i can achieve with this setup. One; the router that i have installed OpenWRT onto does not have enough storage or processing power to perform all the packet inspection that i require.

Your question; Why do i think this will be more secure?
Answer: Its a hardware Firewall dedicated to inspecting packets. Designed for the reasons i require it.

For true security, the firewall needs to be physically in the path to/from the Internet, not just logically. Thus the term "hardware firewall".

pfSense is also a router, you don't need an additional router.

2 Likes

mk24, please read my posts, that is the reason for my question, and yes pfSense can act like a router, though i want the OpenWRT Router to do the routing, not inspecting/analysing.

May i add to everyone. This is a question for help to route all my traffic through my pfSense Firewall, the reasons why i want to do this is relevant to the Network setup im creating.

Your missing some bits vgaetera:

ISP <> OpenWRT <> pfSense <> LAN & WiFi Traffic.

Full-Duplex

Edited.

How is your network wired up? Your last post implies the only thing connected to the OpenWrt device is your ISP and the pfSense device. Is that correct?

At the the moment, yes. This is a setup for a secure remote location.

Sorry maybe i mis read your question; there are connected WiFi and LAN hard wired devices.

What do you want here? That every packet entering or leaving through the OpenWrt WAN is inspected on its way to/from the internet? or you want every packet ever sent by any device to be inspected by the packet inspector, including LAN/LAN packets?

"every packet entering or leaving through the OpenWrt WAN"

Yes

I don't know how pfsense works, but I'd imagine you could just bridge two ethernets, and put that between the ISP and the OpenWrt, then snoop all that traffic. voila?

1 Like