Netgate Discussion Forum

Devices with unconfigured default gateway

    wolf3000
    May 12, 2022, 10:33 PM

    Hello
    We have a Netgate SG-5100 appliance running pfSense version:
    21.05-RELEASE (amd64)
    built on Tue Jun 01 16:52:56 EDT 2021
    FreeBSD 12.2-STABLE

    as our corporate firewall. Inside our main network we have an oven that has its own network, separate and apart from our main network. The oven has an EWON Cozy 131 industrial VPN appliance. We access the oven network by logging in to the EWON talk2m cloud and connecting to our Cozy 131. All oven devices are pingable and accessible through the EWON cloud.

    We attempted to remove the Cozy131 and set up the oven as a separate network segment so as to access the oven through our main network. We found that none of the oven devices are pingable from the main network. However, a laptop with a static IP in the oven subnet is reachable from the main network and has two-way communication.

    Further investigation revealed that none of the oven devices have their default gateways set, but the Cozy131 has a capability called "plug & route" which obviates the need to configure the default gateway on devices behind the Cozy. See https://www.automation.com/en-us/products/product12/ewon-adds-plugn-route-to-routers

    I was unable to find any info explaining how plug & route works.

    My question is: does anyone know of any pfSense configuration settings that would give pfSense a plug & route-like capability?

    Thanks for your help

      bingo600 @wolf3000
      May 13, 2022, 5:33 AM (last edited by bingo600 May 13, 2022, 5:34 AM)

      @wolf3000
      They are probably using proxy ARP.
      That was discouraged a long time ago, for security reasons.

      Why would you want that feature?

      If using DHCP the PLC should also accept the def-gw info handed out.
      If using Static IP, it's just one more entry to key in.

      The whole point of using a firewall is to be "In Control", and not rely on some device (which could even be hostile) forwarding your packets based on unanswered ARP requests.

      /Bingo

      If you find my answer useful - Please give the post a 👍 - "thumbs up"

      pfSense+ 23.05.1 (ZFS)

      QOTOM-Q355G4 Quad Lan.
      CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
      LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD
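
One way to check a segment for the behaviour bingo600 describes, as an added example that is not part of either post: a device answering ARP on behalf of other addresses (proxy ARP, or ARP spoofing, which looks the same here) appears in the firewall's ARP table as one MAC holding several IPs. The sample is constructed `arp -an` output in FreeBSD format; the interface names, addresses and function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in FreeBSD/pfSense `arp -an` format; all addresses are made up.
SAMPLE_ARP = """\
? (192.168.10.1) at 02:00:00:00:00:01 on igb1 permanent [ethernet]
? (192.168.10.20) at 02:00:00:aa:bb:01 on igb1 expires in 1180 seconds [ethernet]
? (192.168.10.21) at 02:00:00:de:ad:01 on igb1 expires in 1175 seconds [ethernet]
? (192.168.10.22) at 02:00:00:de:ad:01 on igb1 expires in 1171 seconds [ethernet]
? (192.168.10.23) at 02:00:00:de:ad:01 on igb1 expires in 1169 seconds [ethernet]
? (192.168.10.30) at (incomplete) on igb1 expired [ethernet]
? (10.0.0.5) at 02:00:00:de:ad:01 on igb0 expires in 900 seconds [ethernet]
"""

ENTRY = re.compile(
    r"\((?P<ip>[\d.]+)\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<iface>\S+)",
    re.IGNORECASE,
)


def parse_arp(text):
    """Yield (iface, mac, ip) for resolved entries; '(incomplete)' lines do not match."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            yield m["iface"], m["mac"].lower(), ipaddress.ip_address(m["ip"])


def macs_answering_for_many(text, threshold=2):
    """Map (iface, mac) -> sorted IPs for each MAC holding >= threshold IPs on one interface."""
    seen = defaultdict(set)
    for iface, mac, ip in parse_arp(text):
        seen[(iface, mac)].add(ip)
    return {
        key: [str(ip) for ip in sorted(ips)]
        for key, ips in seen.items()
        if len(ips) >= threshold
    }


if __name__ == "__main__":
    for (iface, mac), ips in macs_answering_for_many(SAMPLE_ARP).items():
        # Known-good causes are IP aliases, CARP/virtual IPs and multi-homed hosts;
        # any other hit is a device answering ARP for addresses it does not own.
        print(f"{iface}: {mac} answers ARP for {', '.join(ips)}")
```
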
