Where should I configure a permanent route outside of the webui?

  • Hello! I've been using pfSense for a few months now and have recently gotten a new ISP.
    This new ISP has direct copper to my apartment to their (I'm told) Juniper network. This is great because it means I don't have to have a costly modem.

    Unfortunately they are issuing an IP on a /32 subnet.... This is annoying and a lot of equipment sees this as a problem (rightly so in most cases).

    -- A quick aside: I'll note that the below workaround is not of my own creation; I gleaned it from a few other forum posts on various sites. However, none of them discussed how to make it permanent. Additionally, it was often said this was bad practice, that a /32 should not be used. I have no control over this and am only working with what I have been given. I do not disagree; if there is a better way to work with this than I suggest below, please offer it as well or instead. I do not wish to add additional hardware to mask this from pfSense, as I prefer to keep my firewall as the border between my network and ISP technology.

    pfSense seems to be one of those systems which deems this a problem, as it cannot operate on its own with this configuration. I have worked around this by adding a static route for the gateway IP to my WAN interface, and configuring that gateway address as my default route.

    route add x.x.x.x/32 re1
    route add default x.x.x.x

    For this to work I have to disable my WAN interface and add these routes manually each time my firewall reboots.

    Is there a place I can add these routes so that they are automatically configured prior to WAN initialization so that I don't have to do this each time?

    Any help or direction is greatly appreciated. I understand /etc/rc.conf is not to be used; I assume that means the entire rc subsystem is out of bounds due to pfSense's nature. I'm hoping there is a configuration in pfSense I can manually configure to bypass some of the safeguards in place on the web UI, or some other initialization script I can tag into for this.

  • LAYER 8

    I think you are referring to this,
    based on that you don't need to manually execute that command
    there should be a way to add that gateway via webGUI

    System / Routing / Gateways / add
    press "Display Advanced"
    the last option is
    Use non-local gateway
    Use non-local gateway through interface specific route. This will allow use of a gateway outside of this interface's subnet. This is usually indicative of a configuration error, but is required for some scenarios.
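
The check behind that option, as an added example that is not part of the thread and not pfSense code: it tests whether a gateway falls inside the WAN interface's subnet and, when it does not (always the case on a /32), lists the interface route followed by the default route in the form the first post used. The function name `gateway_plan` and all addresses are assumptions made for illustration.

```python
import ipaddress

def gateway_plan(wan_cidr, gateway, ifname):
    """Return (on_link, commands) for an IPv4 WAN address and its gateway.

    on_link is True when the gateway lies inside the interface's subnet.
    commands are route commands in the form used in the first post.
    """
    iface = ipaddress.IPv4Interface(wan_cidr)
    gw = ipaddress.IPv4Address(gateway)
    if gw == iface.ip:
        raise ValueError("gateway is the interface's own address")
    on_link = gw in iface.network
    commands = []
    if not on_link:
        # No connected route covers the gateway, so pin it to the interface first.
        commands.append(f"route add {gw}/32 {ifname}")
    commands.append(f"route add default {gw}")
    return on_link, commands

if __name__ == "__main__":
    # Constructed samples (documentation address ranges), not values from the thread.
    for cidr, gw in [("203.0.113.7/32", "203.0.113.1"),
                     ("203.0.113.7/32", "198.51.100.1"),
                     ("203.0.113.7/24", "203.0.113.1")]:
        on_link, cmds = gateway_plan(cidr, gw, "re1")
        print(f"{cidr} via {gw}: {'on-link' if on_link else 'non-local gateway'}")
        for c in cmds:
            print("   ", c)
```

A /32 network contains only the interface's own address, so even a gateway one address away is reported as non-local; with a /24 mask the same gateway is on-link and only the default route is needed.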

  • This isn't the post I was referring to, but this seems to sum it up a lot more nicely than the ones I found on the subject. I was a lot less coherent on the subject when I was doing my initial research.

    I will give this a try thank you!
