Gateways and WAN_DHCP6



  • Hi folks, still getting used to pfsense after moving from smoothie. Anyway was wondering if there are any security best practice I should be aware of when setting the gateway for both LAN & OPT interfaces. Is it normal for them to share the same gateway? Looking at my question, I'm doubting if I should even be asking this but I'm sure in smoothwall I'd set a different gateway depending on which LAN/DMZ subnet I was configuring.

    Also, just setup pfsense on another PC and noticed that there are now 2 entries under gateways. My regular WANGW and a new WAN_DHCP6 entry. I've disabled everything IPV6 on of sense so was wondering if there were any negative security side effects of it being there as I can't seem to get rid of it…

    Just realised that I hadn't changed the IPv6 configuration type drop down box to 'None' under the WAN interface page. Now I've done that it's disappeared.

    Be gentle!
    Cheers



  • Not quite sure what gateway you are referring to here. The normal situation is:
    a) Each WAN will have a gateway, which is the upstream IP address of the ISP router (either set statically on the WAN interface settings or received from the ISP via DHCP on WAN interface).
    b) Each LAN will have an IP address on pfSense in a different private subnet. That IP address will be given out as the client gateway by DHCP server on the LAN to DHCP client systems that ask, and any clients on the LAN that set their IP address statically will (shoudl) also statically set the pfSense LAN IP as their gateway.

    A LAN on pfSense will NOT have a gateway specified on its interface configuration page.