Netgate Discussion Forum
    Devices with unconfigured default gateway

      wolf3000

      Hello
      We have a netgate SG-5100 appliance running pfsense ver:
      21.05-RELEASE (amd64)
      built on Tue Jun 01 16:52:56 EDT 2021
      FreeBSD 12.2-STABLE

      as our corporate firewall. Inside our main network we have an oven that has its own network separate and apart from our main network. The oven has an EWON Cozy 131 industrial VPN appliance. We access the oven network by logging in to the EWON talk2m cloud and connecting to our Cozy 131. All oven devices are pingable and accessible through the EWON cloud.

      We attempted to remove the Cozy131 and set up the oven as a separate network segment so as to access the oven through our main network. We found that none of the oven devices are pingable from the main network. However, a laptop with a static IP in the oven subnet is reachable from the main network and has 2 way communication.

      Further investigation revealed that none of the oven devices have their default gateways set, but the Cozy131 has a capability called "plug & route" which obviates the need to configure the default gateway on devices behind the Cozy. See https://www.automation.com/en-us/products/product12/ewon-adds-plugn-route-to-routers. I was unable to find any info explaining how plug & route works.

      My question is does anyone know of any pfsense configuration settings that would give pfsense a plug and route like capability??

      Thanks for your help

        bingo600 @wolf3000

        @wolf3000
        They are probably using proxy ARP.
        That was discouraged a long time ago, for security reasons.

        Why would you want that feature?

        If using DHCP the PLC should also accept the def-gw info handed out.
        If using Static IP, it's just one more entry to key in.

        The whole point of using a firewall is to be "In Control", and not rely on some (could even be a hostile) device, forwarding your packets based on unanswered arp requests.

        /Bingo

        If you find my answer useful - Please give the post a 👍 - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD
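
The reply above suspects proxy ARP; as an added example (not part of the thread, and not Netgate or eWON code), this script flags any MAC address that answers for several IPs on one interface, which is the trace a proxy-ARP device leaves in a neighbour's ARP table. It assumes the `arp -an` line format printed by FreeBSD and pfSense; the sample table, interface names and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the `arp -an` format (assumed: FreeBSD/pfSense layout).
SAMPLE_ARP_OUTPUT = """\
? (192.168.50.1) at 02:00:00:00:00:01 on igb2 permanent [ethernet]
? (192.168.50.10) at 02:00:00:aa:bb:01 on igb2 expires in 1187 seconds [ethernet]
? (192.168.50.11) at 02:00:00:aa:bb:01 on igb2 expires in 1190 seconds [ethernet]
? (192.168.50.12) at 02:00:00:AA:BB:01 on igb2 expires in 1175 seconds [ethernet]
? (192.168.50.20) at 02:00:00:cc:dd:02 on igb2 expires in 640 seconds [ethernet]
? (192.168.50.30) at (incomplete) on igb2 expired [ethernet]
? (10.0.0.10) at 02:00:00:aa:bb:01 on igb1 expires in 900 seconds [ethernet]
"""

# One resolved entry: "(ip) at mac on interface". Unresolved "(incomplete)"
# entries have no MAC and therefore do not match.
ENTRY = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<ifc>\S+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Yield (interface, mac, ip) for every resolved ARP entry."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield m["ifc"], m["mac"].lower(), m["ip"]


def shared_macs(text, threshold=2):
    """Return {(interface, mac): [ips]} where one MAC holds >= threshold IPs."""
    table = defaultdict(set)
    for ifc, mac, ip in parse_arp(text):
        table[(ifc, mac)].add(ip)
    return {k: sorted(v) for k, v in table.items() if len(v) >= threshold}


if __name__ == "__main__":
    for (ifc, mac), ips in shared_macs(SAMPLE_ARP_OUTPUT).items():
        print(f"{ifc}: {mac} answers for {len(ips)} addresses: {', '.join(ips)}")
```

A hit is a lead, not proof: hosts with IP aliases or virtual IPs also show one MAC for several addresses, so compare the flagged MAC against the device inventory for that segment.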

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.