Netgate Discussion Forum

WAN IP is on different subnet than default Gateway

  • T
    thept
    last edited by Dec 29, 2014, 2:14 AM

    WAN IP is on different subnet than default Gateway

    I have one pfSense (2.1.5-RELEASE (i386)) installed in an ISP (MEO in Portugal) where the default gateway is not on same subnet - WAN (dynamic) IP is in 85.xxx.xxx.xxx range, and default Gateway is 194.65.169.245. WAN interface name is bge0.

    To be able to access Internet, I have installed package Shellcmd to run the following commands on reboot:
    (thanks -> http://blog.magiksys.net/pfsense-firewall-default-gateway-different-subnet)

    • route add -net 194.65.169.245/32 -iface bge0
    • route add default 194.65.169.245

    … but when my WAN IP changes, I lose internet connection - to solve this problem, I created the below script and installed another package, Cron, to be able to manage my custom script schedule.


    ```tcsh
    #!/bin/tcsh -f
    #
    # Script name - my_rewrite_routes.sh
    #
    # used to rewrite routes on pfSense when default Gateway not in same subnet of WAN IP
    # run with Cron
    #
    # 2.1.5-RELEASE (i386)
    # built on Mon Aug 25 07:44:26 EDT 2014
    # FreeBSD 8.3-RELEASE-p16
    #
    # created DEZ 2014
    # Jose Luis - jluis144@hotmail.com

    set myDATE = `date`

    # get current WAN IP (second word of the "inet" line)
    set myNEWWANIP = `ifconfig bge0 | grep "inet "`
    set myNEWWANIP = ( $myNEWWANIP )

    # get last WAN IP
    set myLASTWANIP = `cat /tmp/mylastwanip.txt`

    if ( "$myNEWWANIP[2]" == "$myLASTWANIP" ) then
        echo "Same IP - nothing done."
    else
        # Update Routes
        route add -net 194.65.169.245/32 -iface bge0
        route add default 194.65.169.245

        # update current IP helper file
        echo "$myNEWWANIP[2]" > /tmp/mylastwanip.txt

        # update log file
        echo "$myDATE - $myNEWWANIP[2]" >> /tmp/mylastwanip_log.txt

        echo "Different IP - rewriting Routes"
    endif
    ```

    So, I'd like to:

    • know if there is a better way to solve this?
    • because I'm a noob respecting to scripting, could someone improve this script?
    • I have placed this script in /usr/local/bin - is this correct, or is there a better place?
    • any other comments...

    Thanks in advance,
    Jose Luis

    • R
      rubic
      last edited by Dec 29, 2014, 11:36 AM

      @thept:

      • route add -net 194.65.169.245/32 -iface bge0

      This can be done using GUI.

      1. Add a new gateway in the "System->Routing->Gateways":

      Interface: WAN
      Name: Name
      Gateway: leave blank
      Default Gateway: no
      Disable Gateway Monitoring: yes

      2. Add static route in the "System->Routing->Routes":

      Destination network: 194.65.169.245/32
      Gateway: Name

      • T
        thept
        last edited by Dec 29, 2014, 5:49 PM

        Hello,
        Thanks for your answer.

        I have tried your approach with a slight difference - I have marked the Default Gateway box (I assumed that should be one Default Gateway).

        With the Default Gateway box marked, when my WAN IP changes, everyone loses Internet connection, even a reboot does not restore connection.

        Because this is a production machine, I'm not able to easily test your approach, but when I can, I will post the results.

        Anyway, my solution is working, but because my scripting skills are not the best, I know that the script could be improved…

        Jose Luis

        • R
          rubic
          last edited by Dec 31, 2014, 7:00 AM

          Sorry, I meant that "route add -net 194.65.169.245/32 -iface bge0" can be done via GUI. After steps 1, 2 you still need to add default gateway using script (route add default 194.65.169.245).

          • T
            thept
            last edited by Jan 3, 2015, 2:53 AM Jan 3, 2015, 2:40 AM

            Well,

            someone has rewritten the script (my brother …), so a better and cleaner version will be:

            ```sh
            #!/bin/sh
            #
            # Script name - my_rewrite_routes.sh
            #
            # DEZ 2014 - Jose Luis - jluis144@hotmail.com
            #
            # used to rewrite routes on pfSense when default Gateway not in same subnet of WAN IP
            # run with Cron
            #
            # 2.1.5-RELEASE (i386)
            # built on Mon Aug 25 07:44:26 EDT 2014
            # FreeBSD 8.3-RELEASE-p16

            myDATE=`date`

            # Get current WAN IP
            myNEWWANIP=`/sbin/ifconfig bge0 | grep "inet " | awk '{print $2}'`

            # Get last WAN IP
            read myLASTWANIP < /tmp/.mylastwanip.txt

            echo "myNEWWANIP : $myNEWWANIP"
            echo "myLASTWANIP : $myLASTWANIP"

            if [ "$myNEWWANIP" != "$myLASTWANIP" ]
            then
                # Update Routes
                #route add -net 194.65.169.245/32 -iface bge0
                #route add default 194.65.169.245

                # Update current IP helper file / Update log file
                echo "$myNEWWANIP" > /tmp/.mylastwanip.txt
                echo "$myDATE - $myNEWWANIP" >> /tmp/.mylastwanip_log.txt
            fi
            ```

            1 Reply Last reply Reply Quote 0
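The change check that both scripts above perform, as an added example that is not part of any post in this thread: it validates the parsed address before acting on it and keeps its state in a root-only directory instead of a predictable file under /tmp, where a root cron job can be redirected through a symlink. The interface `bge0` and gateway `194.65.169.245` are taken from the posts; `STATE_DIR`, the `--apply` switch and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. bge0 and 194.65.169.245 come from the posts;
# STATE_DIR and the --apply switch are assumptions made for this sketch.
IFACE="${IFACE:-bge0}"
GATEWAY="${GATEWAY:-194.65.169.245}"
STATE_DIR="${STATE_DIR:-/var/db/my_rewrite_routes}"   # root-only, unlike /tmp

# Print the first IPv4 address in ifconfig output read from stdin.
wan_ip_from_ifconfig() { awk '$1 == "inet" { print $2; exit }'; }

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed when the address differs from the one recorded on the last run.
ip_changed() {
    last=""
    [ -f "$STATE_DIR/last_ip" ] && read -r last < "$STATE_DIR/last_ip" || :
    [ "$1" != "$last" ]
}

# Record the address atomically: temp file in the same directory, then rename.
record_ip() {
    umask 077
    mkdir -p "$STATE_DIR" || return 1
    tmp=$(mktemp "$STATE_DIR/last_ip.XXXXXX") || return 1
    printf '%s\n' "$1" > "$tmp" && mv -f "$tmp" "$STATE_DIR/last_ip"
}

main() {
    new_ip=$(/sbin/ifconfig "$IFACE" | wan_ip_from_ifconfig)
    is_ipv4 "$new_ip" || { echo "no usable IPv4 address on $IFACE" >&2; return 1; }
    ip_changed "$new_ip" || return 0
    # The two commands from the thread; they report an error if the route exists.
    route add -net "$GATEWAY/32" -iface "$IFACE"
    route add default "$GATEWAY"
    record_ip "$new_ip"
    logger -t my_rewrite_routes "WAN address now $new_ip, routes rewritten"
}

# Cron calls the script with --apply; without it only the functions are defined.
if [ "${1:-}" = "--apply" ]; then main; fi
```

An interface that is down or still waiting for a lease yields no `inet` line, so `main` stops before touching the routing table or the state file.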
            • C
              CryoGenID
              last edited by Apr 11, 2015, 7:22 AM

              Hello,

              I just have started installing pfSense on a provider here in Germany (Webtropia) with the same setup (it seems that way anyway):
              I have an IP address for pfSense (213.XXX.XXX.40/32) but the Gateway is 193.XXX.XXX.1.

              Reading this (and some other) thread I have found out how to get the system to give me access to the WebGUI using the WAN IP (213.XXX.XXX.40) using the shell commands in the previous posts in this thread.
              Using the WebGui, I have then configured the WAN to use 213.XXX.XXX.40 (using the /32 notation which is not possible when you only have shell access) and have given the same IP (213.XXX.XXX.40) as the gateway IP.

              But: nothing works (neither inbound nor outbound connection) :-(
              Current "solution": run "pfctl -d", then I have access from the pfSense shell outbound (I can e.g. ping google) and I can access the WebGUI from external using the WAN IP (213.XXX.XXX.40).

              And here comes my question:
              What is the last "step" which I am missing to get the firewall let my data through?
              I have already rules for the firewall so that LAN has access to "everything" and WAN Port 443 to "Firewall (itself)" but unless I disable the firewall using "pfctl -d" I have no outbound/inbound connection :-(

              Hopefully somebody can help me to solve this final part :-)

              Thanks a lot for your help!

              Best regards,

              Christian

              • S
                strandvaskeren
                last edited by Aug 22, 2017, 3:15 PM

                Sorry for necroing an old thread, but I had this exact problem and after trying a little bit of everything without luck, I stumbled onto a solution.

                System, Gateways, Edit your WAN gateway, click advanced and checkmark the "Use non-local gateway" at the bottom.

                • C
                  CryoGenID
                  last edited by Aug 22, 2017, 6:04 PM

                  Ah great thanks! :)

                  That might come in handy in the future  :D

                  Best regards,

                  Chris

                  • jahonixJ
                    jahonix
                    last edited by Aug 22, 2017, 8:01 PM

                    @CryoGenID:

                    … I can access the WebGUI from external using the WAN IP ...

                    Not the best of ideas. Use a VPN to tunnel into your network and access the GUI via its Lan interface there.
                    Having the UI open to the internet is quite dangerous. Remember to only do this via HTTPS, never with HTTP.

                    • C
                      CryoGenID
                      last edited by Aug 22, 2017, 8:27 PM

                      Of course ;-)

                      But you need to access it for a short time via WAN to complete the configuration and then pfSense is only accessible via openVPN ;-)

                      Best regards,

                      Chris

                      • jahonixJ
                        jahonix
                        last edited by Aug 22, 2017, 8:47 PM

                        Huh, why do you need to access it via its WAN interface for configuration?
                        That's usually done via Lan. Only.

                        • C
                          CryoGenID
                          last edited by Aug 23, 2017, 9:07 AM

                          In order not to flood this thread with unrelated information just a brief explanation:
                          When you order their root server, you only get one public IP. You have to quickly install ESXi using the WAN IP, then install pfSense, switch ESXi over to a local IP and then use the public IP for the basic configuration of pfSense until openVPN works correctly.
                          Then you can switch pfSense back to the private IP and everything is secure again :)

                          Best regards,

                          Chris

                          • E
                            Elrick75
                            last edited by Elrick75 Jul 14, 2019, 6:51 PM Jul 14, 2019, 5:34 PM

                            Hi to all,

                            I'm facing the same problem: the WAN connection is dropped after 10 min, and is up again after another 10...
                            I tried adding a route or modifying "Use non-local gateway" in the WAN gateway advanced settings, but it doesn't fix the problem.


                            How can I fix the WAN connection?

                            Best Regards.
