1. Home
  2. pfSense® Software
  3. Routing and Multi WAN
  4. Where should I configure a permenant route outside of the webui?

Where should I configure a permenant route outside of the webui?

  • T

    Hello! I've been using PfSense for a few months now and have recently gotten a new ISP.
    This new ISP has direct copper to my apartment to their (I'm told) Juniper network. This is great because it means I don't have to have a costly modem.

    Unforunately they are issuing an ip on a /32 subnet.... This is annoying and a lot of equipment sees this as a problem (rightly so in most cases).

    -- A quick aside I'll note that the below work-around is not of my own creation I gleamed it from a few other forum posts on various sites. However none of them discussed how to make it permanent. Additionally it was often said this was bad practice, that a /32 should not be used. I have no control over this and am only working with what I have been given. I do not disagree, if there is a better way to work with this than I suggest below please offer it as well or instead. I do not wish to add additional hardware to mask this from pfsense as I prefer to keep my firewall as the boarder between my network and ISP technology.

    Pfsense seems to be one of those systems which deems this a problem as it cannot operate on it's own with this configuration. I have worked around this by adding a static route for the gateway ip to my wan interface, and configuring that gateway address as my default route.

    route add x.x.x.x/32 re1
route add default x.x.x.x

    For this to work I have to disable my wan interface and add these routes manually each time my firewall reboots.

    Is there a place I can add these routes so that they are automatically configured prior to wan initialization so that I don't have to do this each time?

    Any help or direction is greatly appreciated. I understand /etc/rc.conf is not to be used, I assume that means the entire rc subsystem is out of bounds due to pfsense's nature. I'm hoping there is a configuration in pfsense I can manually configure to bypass some of the safe guards in place on the web ui, or some other initialization script I can tag into for this.

    0
  • kiokoman
    LAYER 8

    i think you are referring to this,
    https://redmine.pfsense.org/issues/972
    based on that you don't need to manually execute that command
    there should be a way to add that gateway via webGUI

    System / Routing / Gateways / add
    press "Display Advanced"
    the last option is
    Use non-local gateway
    Use non-local gateway through interface specific route. This will allow use of a gateway outside of this interface's subnet. This is usually indicative of a configuration error, but is required for some scenarios.

    0
  • T

    This isn't the post I was referring to, but this seems to sum it up a lot more nicely than the ones I found on the subject. I was a lot less coherent on the subject when I was doing my initial research.

    I will give this a try thank you!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy