Where should I configure a permanent route outside of the webui?
-
Hello! I've been using pfSense for a few months now and have recently gotten a new ISP.
This new ISP has direct copper to my apartment to their (I'm told) Juniper network. This is great because it means I don't have to have a costly modem. Unfortunately they are issuing an IP on a /32 subnet.... This is annoying and a lot of equipment sees this as a problem (rightly so in most cases).
-- A quick aside: I'll note that the below work-around is not of my own creation; I gleaned it from a few other forum posts on various sites. However, none of them discussed how to make it permanent. Additionally, it was often said this was bad practice, that a /32 should not be used. I have no control over this and am only working with what I have been given. I do not disagree; if there is a better way to work with this than I suggest below, please offer it as well or instead. I do not wish to add additional hardware to mask this from pfSense as I prefer to keep my firewall as the border between my network and ISP technology.
pfSense seems to be one of those systems which deems this a problem, as it cannot operate on its own with this configuration. I have worked around this by adding a static route for the gateway IP to my WAN interface, and configuring that gateway address as my default route.
route add x.x.x.x/32 re1
route add default x.x.x.x
For this to work I have to disable my WAN interface and add these routes manually each time my firewall reboots.
Is there a place I can add these routes so that they are automatically configured prior to WAN initialization so that I don't have to do this each time?
Any help or direction is greatly appreciated. I understand /etc/rc.conf is not to be used; I assume that means the entire rc subsystem is out of bounds due to pfSense's nature. I'm hoping there is a configuration in pfSense I can manually configure to bypass some of the safeguards in place on the web UI, or some other initialization script I can tag into for this.
-
I think you are referring to this:
https://redmine.pfsense.org/issues/972
Based on that, you don't need to manually execute that command.
There should be a way to add that gateway via webGUI: System / Routing / Gateways / add
Press "Display Advanced"
The last option is
Use non-local gateway
Use non-local gateway through interface specific route. This will allow use of a gateway outside of this interface's subnet. This is usually indicative of a configuration error, but is required for some scenarios.
-
This isn't the post I was referring to, but this seems to sum it up a lot more nicely than the ones I found on the subject. I was a lot less coherent on the subject when I was doing my initial research.
I will give this a try, thank you!