Netgate Discussion Forum

Peculiar routing: gateway outside the LAN segment

  • L
    Locutus
    last edited by Jul 12, 2011, 2:25 PM Jul 12, 2011, 2:05 PM

    Hellos!

    My hoster is using a somewhat peculiar setup concerning routing from one customer server to others within the same LAN segment.

    Apparently to prevent customers from "stealing" neighboring IP addresses, their routers/switches are configured to drop packets sent from one host in the LAN to another. All traffic needs to go through the router.

    Now I'm in a bit of a twist. How do I set that up in PFSense?

    Concrete example. My server has the address 2a01:4f8:101:11a4::/64, and the router has 2a01:4f8:101:11a0::1/59. Which means the gateway is not in my /64 subnet (understandably), but I also cannot extend my netmask to /59, since I need to route all traffic through the gateway, also that for other servers in the gateway's /59.

    In a Vyatta test installation, I configured the router to have a /128 IP address, set the default gateway to 2a01:4f8:101:11a0::1 and configured an interface-route to there via the proper eth.

    Unfortunately, PFSense does not allow me to set a gateway outside the host's network segment.

    Any idea what to do here?

    (I should add that I'm using PFSense 2.0 RC3 with the IPv6 support git-synced from github.com/smos.)

    Kind regards,
    Frank

    • L
      Locutus
      last edited by Jul 25, 2011, 5:39 PM

      push

      No ideas about this? Come on… It must be possible to configure this in PFSense!

      The same issue by the way also applies to IPv4.

      Kind regards,
      Frank

      • D
        databeestje
        last edited by Jul 26, 2011, 8:56 AM

        The same reason that we have not implemented this for IPv4. It breaks sound network design. It is a rather peculiar thing and very low on the wish list.

        • G
          GrandmasterB
          last edited by Jul 26, 2011, 8:27 PM

          @Locutus:

          push

          No ideas about this? Come on… It must be possible to configure this in PFSense!

          The same issue by the way also applies to IPv4.

          I presume you also use Hetzner for your hosting. My solution was to make a specific route for their gateway address. That should work.

          • L
            Locutus
            last edited by Jul 27, 2011, 7:21 PM

            Yep, indeed Hetzner. :)

            I had tried that solution with a static route for the LAN segment via the Hetzner gateway before, but it failed because I added a route for the full LAN segment which was ignored / overridden by the LAN interface route. Stupid me. :)

            After getting a hint in the Hetzner forum, I now added TWO static routes, one for the first and one for the second half of my LAN segment, and that worked nicely. Those routes were added correctly to the routing table, and since they are more specific (longer network mask) than the actual LAN route, they take precedence.

            Kind regards,
            Frank

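The route selection described in the last post, modelled as an added example that is not part of the original thread: a static route covering the whole segment loses to the interface route, while two half-size routes win by longest-prefix match. It assumes the segment is the hoster's /59 from the first post and that the firewall holds a connected route for it; the table layout and function names are hypothetical.

```python
import ipaddress

# Prefix and gateway are taken from the first post. Treating the /59 as the
# on-link segment of the firewall's interface is an assumption.
SEGMENT = ipaddress.ip_network("2a01:4f8:101:11a0::/59")
GATEWAY = ipaddress.ip_address("2a01:4f8:101:11a0::1")


def split_in_halves(segment):
    """Return the two subnets whose prefix is one bit longer than `segment`."""
    return list(segment.subnets(prefixlen_diff=1))


def build_table(segment, gateway, static_prefixes):
    """Model a routing table as (prefix, next_hop, origin) tuples.

    next_hop None means "deliver directly on the link", which is the
    traffic the hoster's switches drop.
    """
    table = [(segment, None, "connected")]
    table += [(prefix, gateway, "static") for prefix in static_prefixes]
    return table


def lookup(table, destination):
    """Longest-prefix match. On equal prefix length the connected route
    wins, which models the static route being ignored / overridden."""
    matches = [route for route in table if destination in route[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, r[2] == "connected"))


if __name__ == "__main__":
    # Constructed neighbour address inside the same /59.
    neighbour = ipaddress.ip_address("2a01:4f8:101:11a5::10")

    first_try = build_table(SEGMENT, GATEWAY, [SEGMENT])
    print("one full-segment route:", lookup(first_try, neighbour))

    halves = split_in_halves(SEGMENT)
    working = build_table(SEGMENT, GATEWAY, halves)
    print("two half routes:       ", lookup(working, neighbour))
```
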