Assigning Interface as a gateway

ivanjrx

Hellow Folks,

Here's a little context:
1 - Wan
2 - Lan
3 - OPT (This is what I'm trying to setup):
I have Network that is running its own Internal DHCP Windows Server, I just need to setup a Gateway for it, so It can get access to the internet.

Another words, ie:
IPv4 Address: 10.27.27.2
Subnet Mask: 255.255.255.0
Default Gateway: 10.27.27.1 (This is what I need to setup using pfsense and that Interface )

Any thoughts?

johnpoz

@ivanjrx said in Assigning Interface as a gateway:

Default Gateway: 10.27.27.1 (This is what I need to setup using pfsense and that Interface )

If you want the gateway for this network to be pfsense, and you want it to be 10.27.27.1/24 - then set that IP on the opt interface, do not enable dhcp on pfsense for this network..

Create the firewall rules you want that will allow traffic you want to allow.. When you add an interface it will not have any firewall rules like lan does. So you can create a any any rule like on lan net for this opt net.. Or whatever other rules you want to use.

That is really all there is to it..

Set whatever dhcp your running on this network to point to pfsense IP as the router/gateway - I assume the 10.27.27.1 your going to assign to the pfsense opt interface.

ivanjrx

@johnpoz
something like this
alt text

Plus allowing the firewall?

SteveITS

@ivanjrx OPT is an internal interface correct? Then yes. Add rules to allow OPT net to pfSense for DNS, and to any for internet. Block from OPT net to LAN net if desired.(above the allow to any rule)

johnpoz

@ivanjrx yeah that would be how you would set the IP on the interface - also make sure nothing else on the network is using that 10.27.27.1 address.

ivanjrx

@johnpoz
This is wonderful you guys!

I have two more questions.
1 - How come when I was setting up the Static IPv4 on the interface, why does it have to be /24 and not /32 ? (i noticed when i set it up on /32 there was not internet)

2 - I have a question about firewall on the same configuration, so it can talk to another subnet on the same pfsense , do I post it here or do i need to add it in another branch of this forum like Firewalling

SteveITS

@ivanjrx the subnet mask affects what other IPs are considered in the same network.
https://www.iplocation.net/subnet-mask
A /32 is only one IP.

Re inter interface communication, as noted above, Add rules to allow OPT net to pfSense for DNS, and to any for internet. Block from OPT net to LAN net if desired.(above the allow to any rule). By default on pfSense only LAN has an allow rule hence all traffic is blocked by default on other interfaces.

ivanjrx

@SteveITS
so how do I do for the rule for DNS?

and how do I add that rule to accept traffic from and back to per say LAN?

SteveITS

@ivanjrx is there any network to which you do not want OPT to connect?

ivanjrx

@SteveITS Thank you for your response.
the gateway part is done I feel like the scope of this thread was fixed.
I'll ad the fw question to the firewalling section.

Thank you @johnpoz as well

ivanjrx

@ivanjrx Moderators can change the status for solved