Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    WAN IP is on different subnet than default Gateway

    Scheduled Pinned Locked Moved Routing and Multi WAN
    13 Posts 6 Posters 7.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      thept
      last edited by

      WAN IP is on different subnet than default Gateway

      I have one pfSense (2.1.5-RELEASE (i386)) installed in an ISP (MEO in Portugal) where the default gateway is not on same subnet - WAN (dynamic) IP is in 85.xxx.xxx.xxx range, and default Gateway is 194.65.169.245. WAN interface name is bge0.

      To be able to access Internet, I have installed package Shellcmd to run the folowing commnands on reboot:
      (thanks -> http://blog.magiksys.net/pfsense-firewall-default-gateway-different-subnet)

      • route add -net 194.65.169.245/32 -iface bge0
      • route add default 194.65.169.245

      … but when my WAN IP changes, I lose internet connection - to solve this problem, I created the bellow script and installed another package, Cron, to be able to manage my custom script shedule.


      **#!/bin/tcsh -f

      Script name - my_rewrite_routes.sh

      used to rewrite routes on pfSense when default Gateway not in same subnet of WAN IP

      run with Cron

      2.1.5-RELEASE (i386)

      built on Mon Aug 25 07:44:26 EDT 2014

      FreeBSD 8.3-RELEASE-p16

      created DEZ 2014

      Jose Luis - jluis144@hotmail.com

      set myDATE=date

      get current WAN IP

      set myNEWWANIP=ifconfig bge0 | grep "inet "
      set myNEWWANIP= ( $myNEWWANIP )

      get last WAN IP

      set myLASTWANIP=cat /tmp/mylastwanip.txt

      if ( "$myNEWWANIP[2]" == "$myLASTWANIP" ) then

      echo "Same IP - nothing done."

      else

      Update Routes

      route add -net 194.65.169.245/32 -iface bge0
      route add default 194.65.169.245

      update current IP helper file

      echo "$myNEWWANIP[2]" > /tmp/mylastwanip.txt

      update log file

      echo "$myDATE - $myNEWWANIP[2]" >> /tmp/mylastwanip_log.txt

      echo "Different IP - rewriting Routes"

      endif**
      –--------------------------------------------------------------------

      so, i'd like to:

      • know if there is a better way to solve this?
      • because I'm a noob respecting to scripting, could someone improve this script?
      • I have placed this script in /usr/local/bin - is this correct, or is there a better place?
      • any other comments...

      Thanks in advance,
      Jose Luis

      1 Reply Last reply Reply Quote 0
      • R
        rubic
        last edited by

        @thept:

        • route add -net 194.65.169.245/32 -iface bge0

        This can be done using GUI. 1. Add a new gateway in the "System->Routing->Gateways":

        Interface: WAN
        Name: Name
        Gateway: leave blank
        Default Gateway: no
        Disable Gateway Monitoring: yes

        2. Add static route in the "System->Routing->Routes":

        Destination network: 194.65.169.245/32
        Gateway: Name

        1 Reply Last reply Reply Quote 0
        • T
          thept
          last edited by

          Hello,
          Thanks for your answer.

          I have tried your approach with a slight difference - I have marked the Default Gateway box (I assumed that should be one Default Gateway).

          With the Default Gateway box marked, when my WAN IP changes, everyone loses Internet connection, even a reboot does not restore connection.

          Because this is a production machine, I'm not able to easily test your approach, but when I can, I will post the results.

          Anyway, my solution is working, but because my scripting skills are not the best, I know that the script could be improved…

          Jose Luis

          1 Reply Last reply Reply Quote 0
          • R
            rubic
            last edited by

            Sorry, I meant that "route add -net 194.65.169.245/32 -iface bge0" can be done via GUI. After steps 1, 2 you still need to add default gateway using script (route add default 194.65.169.245).

            1 Reply Last reply Reply Quote 0
            • T
              thept
              last edited by

              Well,

              someone have rewrited the script (my brother …), so a better and cleaner version will be:

              **–--------------------------------------------------------------------
              #!/bin/sh

              Script name - my_rewrite_routes.sh

              DEZ 2014 - Jose Luis - jluis144@hotmail.com

              used to rewrite routes on pfSense when default Gateway not in same subnet of WAN IP

              run with Cron

              2.1.5-RELEASE (i386)

              built on Mon Aug 25 07:44:26 EDT 2014

              FreeBSD 8.3-RELEASE-p16

              myDATE=date

              Get current WAN IP

              myNEWWANIP=/sbin/ifconfig bge0 | grep "inet " | awk '{print $2}'

              Get last WAN IP

              read myLASTWANIP < /tmp/.mylastwanip.txt

              echo "myNEWWANIP : $myNEWWANIP"
              echo "myLASTWANIP : $myLASTWANIP"

              if [ "$myNEWWANIP" != "$myLASTWANIP" ]
              then

              Update Routes

              #route add -net 194.65.169.245/32 -iface bge0
              #route add default 194.65.169.245

              Update current IP helper file / Update log file

              echo "$myNEWWANIP" > /tmp/.mylastwanip.txt
              echo "$myDATE - $myNEWWANIP" >> /tmp/.mylastwanip_log.txt
              fi
              –--------------------------------------------------------------------**

              1 Reply Last reply Reply Quote 0
              • C
                CryoGenID
                last edited by

                Hello,

                I just have started installing pfSense on a provider here in Germany (Webtropia) with the same setup (it seems that way anyway):
                I have an IP address for pfSense (213.XXX.XXX.40/32) but the Gateway is 193.XXX.XXX.1.

                Reading this (and some other) thread I have found out how to get the system to give me access to the WebGUI using the WAN IP (213.XXX.XXX.40) using the shell commands in the previous posts in this thread.
                Using the WebGui, I have then configured the WAN to use 213.XXX.XXX.40 (using the /32 notation which is not possible when you only have shell access) and have given the same IP (213.XXX.XXX.40) as the gateway IP.

                But: nothing works (nor inbound or outbound connection) :-(
                Current "solution": run "pfctl -d", then I have access from the pfSense shell outbound (I can e.g. ping google) and I can access the WebGUI from external using the WAN IP (213.XXX.XXX.40).

                And here comes my question:
                What is the last "step" which I am missing to get the firewall let my data through?
                I have already rules for the firewall so that LAN has access to "everything" and WAN Port 443 to "Firewall (itself)" but unless I disable the firewall using "pfctl -d" I have no outbound/inbound
                connection :-(

                Hopefully somebody can help me to solve this final part :-)

                Thanks a lot for your help!

                Best regards,

                Christian

                1 Reply Last reply Reply Quote 0
                • S
                  strandvaskeren
                  last edited by

                  Sorry for necroing an old thread, but I had this exact problem and after trying a little bit of everything without luck, I stumbled onto a solution.

                  System, Gateways, Edit your WAN gateway, click advanced and checkmark the "Use non-local gateway" at the bottom.

                  1 Reply Last reply Reply Quote 0
                  • C
                    CryoGenID
                    last edited by

                    Ah great thanks! :)

                    That might come in handy in the future  :D

                    Best regards,

                    Chris

                    1 Reply Last reply Reply Quote 0
                    • jahonixJ
                      jahonix
                      last edited by

                      @CryoGenID:

                      … I can access the WebGUI from external using the WAN IP ...

                      Not the best of ideas. Use a VPN to tunnel into your network and access the GUI via its Lan interface there.
                      Having the UI open to the internet is quite dangerous. Remember to only do this via HTTPS, never with HTTP.

                      1 Reply Last reply Reply Quote 0
                      • C
                        CryoGenID
                        last edited by

                        Of course ;-)

                        But you need to access it for a short time via WAN to complete the configuration and then pfSense is only accessible via openVPN ;-)

                        Best regards,

                        Chris

                        1 Reply Last reply Reply Quote 0
                        • jahonixJ
                          jahonix
                          last edited by

                          Huh, why do you need to access it via its WAN interface for configuration?
                          Thats usually done via Lan. Only.

                          1 Reply Last reply Reply Quote 0
                          • C
                            CryoGenID
                            last edited by

                            In order not to flood this thread with unreladed information just a brief explanation:
                            When you order their root server, you only get one public IP. You have to quickly install ESXi using the WAN IP, then install pfSense, switch ESXi over to a local IP and then use the public IP for the basic configuration of pfSense until openVPN works correctly.
                            Then you can switch pfSense back to the private IP and everything is secure again :)

                            Best regards,

                            Chris

                            1 Reply Last reply Reply Quote 0
                            • E
                              Elrick75
                              last edited by Elrick75

                              Hi to all,

                              I'm facing to the same problem, WAN connexion is droped after 10min, and up after 10 other...
                              I try to add route or modify "Use non-local gateway" in WAN gateway advanced, but it doesn't fix the problem.

                              f8db588f-7b67-4e9e-b040-f2425f22c50b-image.png

                              How can i fix WAN connexion ?

                              Best Regards.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.