Netgate Discussion Forum

    Where should I configure a permanent route outside of the webui?

    Routing and Multi WAN
    • techy2493

      Hello! I've been using pfSense for a few months now and have recently gotten a new ISP.
      This new ISP has direct copper to my apartment to their (I'm told) Juniper network. This is great because it means I don't have to have a costly modem.

      Unfortunately, they are issuing an IP on a /32 subnet... This is annoying and a lot of equipment sees this as a problem (rightly so in most cases).

      -- A quick aside: I'll note that the below work-around is not of my own creation; I gleaned it from a few other forum posts on various sites. However, none of them discussed how to make it permanent. Additionally, it was often said this was bad practice, that a /32 should not be used. I have no control over this and am only working with what I have been given. I do not disagree; if there is a better way to work with this than I suggest below, please offer it as well or instead. I do not wish to add additional hardware to mask this from pfSense, as I prefer to keep my firewall as the border between my network and ISP technology.

      pfSense seems to be one of those systems which deems this a problem, as it cannot operate on its own with this configuration. I have worked around this by adding a static route for the gateway IP to my WAN interface, and configuring that gateway address as my default route.

      route add x.x.x.x/32 re1
      route add default x.x.x.x
      

      For this to work I have to disable my WAN interface and add these routes manually each time my firewall reboots.

      Is there a place I can add these routes so that they are automatically configured prior to WAN initialization, so that I don't have to do this each time?

      Any help or direction is greatly appreciated. I understand /etc/rc.conf is not to be used; I assume that means the entire rc subsystem is out of bounds due to pfSense's nature. I'm hoping there is a configuration in pfSense I can manually configure to bypass some of the safeguards in place on the web UI, or some other initialization script I can tag into for this.

      • kiokoman

        I think you are referring to this:
        https://redmine.pfsense.org/issues/972
        Based on that, you don't need to manually execute that command.
        There should be a way to add that gateway via the webGUI:

        System / Routing / Gateways / add
        press "Display Advanced"
        the last option is
        Use non-local gateway
        Use non-local gateway through interface specific route. This will allow use of a gateway outside of this interface's subnet. This is usually indicative of a configuration error, but is required for some scenarios.

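The subnet test behind "gateway outside of this interface's subnet", as an added example that is not part of either poster's message or of pfSense itself: it checks whether a gateway is on-link for a WAN address and prefix, and prints the two routes from the first post, in the order they must be added, when it is not. The addresses are constructed documentation values; `re1` is the interface named in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: why a /32 WAN address makes every gateway "non-local".

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# gateway_on_link WAN_IP PREFIXLEN GATEWAY
# exit status 0 when the gateway falls inside the WAN interface's subnet
gateway_on_link() {
    prefix=$2
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    fi
    wan=$(ip_to_int "$1")
    gw=$(ip_to_int "$3")
    [ $(( wan & mask )) -eq $(( gw & mask )) ]
}

# plan_routes WAN_IP PREFIXLEN GATEWAY IFACE
# prints the route commands needed, using the command form from the first post
plan_routes() {
    if gateway_on_link "$1" "$2" "$3"; then
        # Gateway is already reachable through the connected subnet.
        echo "route add default $3"
    else
        # Off-link gateway: the host route through the interface must exist
        # first, otherwise the default route has no way to reach its next hop.
        echo "route add $3/32 $4"
        echo "route add default $3"
    fi
}

# Constructed sample: a /32 WAN lease whose gateway is a different address.
plan_routes 203.0.113.57 32 203.0.113.1 re1
```

With a /32 prefix the mask covers all 32 bits, so only the WAN address itself is "in subnet"; the "Use non-local gateway" option quoted above is the GUI setting for this case.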
        • techy2493

          This isn't the post I was referring to, but this seems to sum it up a lot more nicely than the ones I found on the subject. I was a lot less coherent on the subject when I was doing my initial research.

          I will give this a try, thank you!

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.