Question about Static Route



  • Hello - We are using a pfSense/Netgate device in a router-only setup, and are routing our own IPs on the LAN side, as well as have a BGP exchange with the ISP for a secondary set of IPs we own, i.e.:

    ISP Gateway (1.1.1.1/29)
    |
    |
    pfSense WAN (1.1.1.2/29) -- BGP (Config for 3.3.3.0/24 exchange between ISP & pfSense)
    pfSense LAN (2.2.2.0/24)
    |
    EdgeSwitch -- SecondaryFirewall WAN (2.2.2.247/24) 
    |             SecondaryFirewall LAN (3.3.3.0/24)
    |
    Firewall WAN (2.2.2.5/24)
    Firewall LAN (192.168.0.0/16)
    

    We need to make it so that "3.3.3.0/24" traffic/devices can pass traffic to/from the internet, via the 2.2.2.247 device, but I'm not seeing how/where this can be done.

    Do I add a 'static route' in pfSense?  If so, do I need to create a 'Gateway' at 2.2.2.247, so the static route has a gateway to go through?

    I'm a bit lost here, and any assistance would be greatly appreciated.  Thanks!!



  • @TPCoMatt:

    Do I add a 'static route' in pfSense?  If so, do I need to create a 'Gateway' at 2.2.2.247, so the static route has a gateway to go through?

    Yes.

    Basically you need two routes for accessing the internet: the upstream route and the downstream route.
    For the upstream route you have to set the ISP gateway as default gateway on the external firewall and select it in the WAN interface settings. On the secondary firewall you have to do the same with the external FW's LAN address.
    For the downstream you need a static route on the external firewall. First set 2.2.2.247 as gateway (not default!) and then add a static route for 3.3.3.0/24 and select 2.2.2.247 for the GW to be used.
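
The downstream route from the answer above, modelled as a longest-prefix-match lookup on the edge pfSense. This is an added example, not part of the original thread: the function names are hypothetical and the table is a simplified model built from the addresses in the diagram.

```python
import ipaddress

def build_table(with_static_route):
    """Simplified routing table of the edge pfSense.
    Entries are (prefix, next_hop); next_hop None means directly connected."""
    table = [
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("1.1.1.1")),  # default via ISP gateway
        (ipaddress.ip_network("1.1.1.0/29"), None),                            # WAN subnet
        (ipaddress.ip_network("2.2.2.0/24"), None),                            # LAN subnet
    ]
    if with_static_route:
        # The downstream route: 3.3.3.0/24 via the secondary firewall's WAN address.
        table.append((ipaddress.ip_network("3.3.3.0/24"),
                      ipaddress.ip_address("2.2.2.247")))
    return table

def next_hop(table, dst):
    """Longest-prefix match: the most specific prefix containing dst wins."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return "on-link" if hop is None else str(hop)

def gateway_is_on_link(table, gateway):
    """A static-route gateway must sit inside a directly connected subnet,
    which is why 2.2.2.247 is first defined as a (non-default) gateway on LAN."""
    gw = ipaddress.ip_address(gateway)
    return any(hop is None and gw in net for net, hop in table)

if __name__ == "__main__":
    host = "3.3.3.10"  # constructed sample host behind the secondary firewall
    before, after = build_table(False), build_table(True)
    # Without the static route, inbound traffic for 3.3.3.0/24 only matches the
    # default route and is sent back out towards the ISP gateway.
    print("before:", host, "->", next_hop(before, host))
    print("after: ", host, "->", next_hop(after, host))
    print("2.2.2.247 usable as gateway:", gateway_is_on_link(after, "2.2.2.247"))
    print("3.3.3.1 usable as gateway:  ", gateway_is_on_link(after, "3.3.3.1"))
```
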



  • @viragomann:

    @TPCoMatt:

    Do I add a 'static route' in pfSense?  If so, do I need to create a 'Gateway' at 2.2.2.247, so the static route has a gateway to go through?

    Yes.

    Basically you need two routes for accessing the internet: the upstream route and the downstream route.
    For the upstream route you have to set the ISP gateway as default gateway on the external firewall and select it in the WAN interface settings. On the secondary firewall you have to do the same with the external FW's LAN address.
    For the downstream you need a static route on the external firewall. First set 2.2.2.247 as gateway (not default!) and then add a static route for 3.3.3.0/24 and select 2.2.2.247 for the GW to be used.

    Thanks!  That worked perfectly!!