Pfsense on ionos with /32 subnet and gateway in other network
-
Hi,
I was trying to set up pfsense on ionos. They gave me the following IP setup:
IP: 46.x.x.x
Subnetmask: 255.255.255.255 (/32)
Gateway: 10.255.255.1
I could not get pfsense to run with this configuration.
If you try to configure the settings manually pfsense tells you that the subnet can only be between 8 and 30, but not 31 or 32. So I tried to use a /24 subnet instead. But when trying to configure the 10.255.255.1 gateway this wasn't possible either because of the error message that the subnet cannot be in another network than the configured IP.
Even when doing dhcp in pfSense for WAN-Interface it booted and displays the message: gateway is not reachable.
So I ended up installing a Debian as pre-gateway and doing this configuration:
auto eth0
iface eth0 inet static
    address 46.x.x.x
    netmask 255.255.255.255
    gateway 10.255.255.1
    pointopoint 10.255.255.1

auto eth1
iface eth1 inet static
    address 10.0.0.1
    netmask 255.255.255.0
Then I enabled IP forwarding and set up a new pfSense to have 10.0.0.2 as IP for WAN and 10.0.0.1 as gateway.
/etc/sysctl.conf: net.ipv4.ip_forward = 1
And I needed to give the eth0 interface of the Debian gateway the MAC address from the WAN ethernet device of the vm-host server.
Is there any way to have this configuration in pfSense without the need of a pre-gateway? Without losing configurations on startup or when changing something on the web interface?
-
Hi, on the web interface pre-configure the gateway with advanced option:
Then you can assign a static IP with /32 mask.
Regarding the MAC, you can spoof the WAN MAC; you need to unlock that in vmware, or you can assign the MAC to the interface on vmware.
-
Hey thanks! It worked! <3 <3 I only get this message now every second in the log:
hn0: a looped back NS message is detected during DAD for fe80:xxxxxxxx. Another DAD probes are being sent.
-
@vernichter said in Pfsense on ionos with /32 subnet and gateway in other network:
a looped back NS message is detected during DAD for fe80:xxxxxxxx. Another DAD probes are being sent
Check this thread :)
https://forum.netgate.com/topic/98857/a-looped-back-ns-message-is-detected-during-dad
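-
Added example, not part of the original thread: a Python helper that performs the check pfSense complained about in the first post (is the gateway inside the interface prefix?) and lists the Linux iproute2 commands that make an off-subnet gateway reachable, equivalent to the Debian pre-gateway setup. The function name `plan_routes` is hypothetical, 203.0.113.10 is a constructed placeholder for the elided 46.x.x.x address, and the commands are for Linux, not pfSense.

```python
import ipaddress


def plan_routes(address, prefix_len, gateway, ifname):
    """Return (on_link, commands) for a static address and default gateway.

    When the gateway lies outside the interface prefix (always the case for
    a /32 address), a host route marks it as directly reachable on the link
    before the default route is added. Hypothetical helper for illustration.
    """
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    gw = ipaddress.ip_address(gateway)
    if gw.version != iface.version:
        raise ValueError("address and gateway must be the same IP version")
    if gw == iface.ip:
        raise ValueError("gateway must differ from the interface address")

    cmds = [f"ip addr add {iface.with_prefixlen} dev {ifname}"]
    on_link = gw in iface.network
    if not on_link:
        # Off-subnet gateway: tell the kernel it is reachable on this link.
        cmds.append(f"ip route add {gw} dev {ifname} scope link")
    cmds.append(f"ip route add default via {gw} dev {ifname}")
    return on_link, cmds


if __name__ == "__main__":
    # Constructed inputs: provider-style /32 WAN, then the inner 10.0.0.0/24 hop.
    samples = [
        ("203.0.113.10", 32, "10.255.255.1", "eth0"),
        ("10.0.0.2", 24, "10.0.0.1", "eth0"),
    ]
    for sample in samples:
        on_link, cmds = plan_routes(*sample)
        print(f"{sample[0]}/{sample[1]} via {sample[2]}: on-link={on_link}")
        for cmd in cmds:
            print("  " + cmd)
```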