OS based firewall bridge help

MadJuggla9

We had a neteq go out from lightning a few weeks back and since then I've been locally testing every distro from the sticky and I've come to like (and am currently *locally* running) Endian, pfSense, and Untangle.

In addition to strictly being a firewall, the neteq was mainly used for NTOP (for traffic hogs), QOS, cutting off unpaid customers, and blocking malicious IPs/MACs. I like that pfSense has the NTOP feature a lot but ultimately the choice is whatever suits my needs best.

Can someone shed some light on the bridge aspect? For example, I assign the WAN IP as a local free IP (each of the 3 firewalls has a different unit and live IP I'm testing on), and the LAN IP as a 10.x.x.x.

I can connect to the internet using a 10.x.x.x static IP but not when I use an IP that would be on the same subnet as the firewall's *WAN IP*.

I do NOT want the firewall to route, merely *watch* traffic with features so to speak. All IPs on our network are static. How can I set up a simple bridge so the firewall can be effective, and accept any IPs coming through it? I'm currently favoring pfSense and have it working great but I'm limited to IPs that match the subnet of my LAN interface.
 
So far I have pfSense working on 192.168.1.67 (WAN) and 192.168.1.68 (LAN) with WAN plugged into WAN NIC and a small switch with PCs plugged into the LAN NIC. No DHCP, static IPs work, NTOP works, etc.

If I go outside that range (192.168.1.x) I cannot access the internet. Can someone explain how to accomplish allowing other IPs/subnets?

I set up a bridge between the 2 NICs and NTOP is monitoring properly. What exactly did a bridge on the same subnet between the NICs do in contrast to having a 10.x.x.x LAN?

Sorry if I'm illiterate. Please let me know if I can make any clarification.

Thanks
 