    Static routes required for LAN>WAN traffic

    • coretex

      Hello,

      pfSense noob here -
      My current configuration of pfSense requires a static route for LAN>WAN traffic to pass through. While generally I would find this pretty normal, the pfSense web GUI doesn't permit the creation of a 0.0.0.0/0 route. I have had to create 2 static routes, 0.0.0.0/1 and 128.0.0.0/1. Obviously this is not intended usage, but without these routes, my pfSense appliance or anything routing internet toward it cannot get to the internet at all.

      Please see attached screenshot... hopefully that helps.

      Thanks :)

      0_1532700669077_Snip20180727_7.png

        • NogBadTheBad

        What does your Gateways tab show?

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

          • coretex

          Howdy!
          I've taken some screenshots:

          0_1532734519598_Snip20180728_8.png
          0_1532734534232_Snip20180728_9.png
          0_1532734554465_Snip20180728_10.png

            • NogBadTheBad

            You don't need the bottom two routes in your static routes; they should use the default route in your gateways tab.

            The middle route in the gateway tab isn't needed.

            I bet your firewall rules are incorrect if you have to create 0.0.0.0/1 and 128.0.0.0/1. Have you set a gateway? You shouldn't need to unless you want to do some sort of policy-based routing.

            0_1532762078598_Untitled.jpeg

            0_1532762261798_Untitled2.jpeg

            0_1532762257851_Untitled 3.jpeg

            I use the gateways to do a poor man's NMS :)

            Andy

              • coretex

              Cheers Andy,

              Yeah, I thought traffic should go out whatever Gateway is marked as default, but it isn't...
              There's no gateway set for the LAN - I just rely on a 10.0.0.0/8 route for routing back to my LAN addresses.

              It's very odd - even though the WAN gateway is marked Default, I still need those static routes...
              I remove them and boom - no internet.

              It's bizarre to me

                • NogBadTheBad

                I’d default the config and start again; it should work.

                Andy

                  • Derelict LAYER 8 Netgate @NogBadTheBad

                  @nogbadthebad said in Static routes required for LAN>WAN traffic:

                  I use the gateways to do a poor man's NMS :)

                  My advice is don't. Get a poor man's NMS like Nagios or Zabbix and use that instead of creating a bunch of interface routes in your firewall/router.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)
