Route without Gateway

  • Hello everyone,

    I'm migrating from ipcop (Linux) to pfsense. I have to add a route for an additional subnet. On the Linux box the routing entry was added manually by using:

    route add -net netmask eth0

    the result is a routing table like this:

    ...   U     0      0        0 eth0

    I want to add the same route by using the web interface.

    On the pfsense shell I tried the following:

    route add -net -interface rl1

    But this routing only works locally on the pfsense box, not from a PC that uses the pfsense box as default gw. Also, I want to use the web interface. Thanks for your help.

    Greetings Felix

  • You can add static routes in the web interface if needed (system:routing:routes).

    Every static route needs a gateway (i.e. another router).

    I'm not sure what you are trying to accomplish, of course, but if you need to route a different subnet on the same "lan" interface then I believe you can use Virtual IPs on the pfsense (Firewall:virtual ip).
    You might have to switch to manual outbound NAT if that subnet needs NAT (I'm not sure if this type of setup will generate automatic NAT rules).

    Do note that I've never attempted to do this and I might be wrong that this could work! Personally, I think it would be better to implement VLANs if you can get your hands on a switch that supports it.

    kind regards

  • You don't want such a route, you want an IP alias on that subnet.

  • Thank you for your hints. I tried them before I started this thread. But they don't work, so I concentrated on "cloning" the working route from the Linux box, because there it is working. I agree with you that the cleanest way is the IP alias. But the problem is that adding the IP alias only works locally on the pfsense box, not on another machine using the pfsense as gateway. When I do a tracepath on the other machine that uses the pfsense as gateway, I see the route stops on the default gw of the WAN interface of the pfsense. But the subnet is on the LAN interface of pfsense. I use a gateway group to implement a WAN failover. So I have a firewall rule that routes the traffic from LAN to the gateway group as described here: at "Set up the basic firewall rules for outgoing access". I think this could be the problem.

    While writing this text, I had the idea that I have to add a firewall rule for the subnet with the virtual IP. I had done this before too, but I had not placed the rule before the failover route for the gateway group. Now it works perfectly. Thank you for pushing me in the right direction.

    I hope this post can help someone having the same problem, though this might be a very rare configuration ;-)
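The rule-order effect described in the last post, as an added example that is not part of the thread: a simplified Python model of top-down, first-match rule evaluation in which a rule with a gateway set bypasses the routing table. The subnets, the gateway group name `WAN_FAILOVER` and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing and names; none of these values come from the thread.
LAN_NET = "192.168.1.0/24"
ALIAS_NET = "10.20.30.0/24"            # extra subnet, reached via an IP alias on LAN
CONNECTED = {LAN_NET: "lan", ALIAS_NET: "lan"}

@dataclass
class Rule:
    descr: str
    src: str                           # CIDR or "any"
    dst: str                           # CIDR or "any"
    gateway: Optional[str] = None      # set = policy routing, routing table is bypassed

def _covers(outer, inner):
    """True if network/address `inner` lies entirely inside `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def next_hop(rules, src, dst):
    """Evaluate pass rules top-down; the first match decides where the packet goes."""
    for r in rules:
        if _covers(r.src, src) and _covers(r.dst, dst):
            if r.gateway:
                return "gateway:" + r.gateway
            for net, ifname in CONNECTED.items():
                if _covers(net, dst):
                    return "connected:" + ifname
            return "default-route"
    return "blocked"                   # nothing matched: implicit deny

def shadowed(rules):
    """Gateway-less rules that can never match because an earlier gateway rule covers them."""
    return [r.descr for i, r in enumerate(rules) if not r.gateway and any(
        e.gateway and _covers(e.src, r.src) and _covers(e.dst, r.dst) for e in rules[:i])]

failover = Rule("LAN to any via gateway group", LAN_NET, "any", gateway="WAN_FAILOVER")
local = Rule("LAN to alias subnet", LAN_NET, ALIAS_NET)
BROKEN = [failover, local]             # order described before the fix
FIXED = [local, failover]              # order after the fix
```

`shadowed()` is the check worth running over any LAN rule set that uses a gateway group: a non-empty result means a local-subnet rule sits below the policy-routing rule and will never be reached.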
