pfSense interface and routing



  • OK, what am I missing with this?!?

    I have a pfSense system set up with multiple interfaces.

    Interface 1: LAN
    Interface 2: Internet (FiOS, configured with a gateway address)
    Interface 3: Private fiber WAN ***

    A machine on the LAN can get out to the Internet and works well. The Interface 3 (Private fiber WAN) is not set up with a routing switch, so there is not a 'gateway' for the subnet. The best description would be a traditional home network with a Linksys router. Yes, it has a gateway, but the Linksys router does not know to route back (can't gain access to Linksys).

    The Linux firewall I am replacing with pfSense was able to work with the Private fiber WAN because the interface was set up to not have a gateway address.  It simply dumped traffic with that subnet on that interface. (I know, seriously bad… but out of my control).

    How can I do something similar on pfSense?

    Effectively, it needs to route 172.20.0.0/16 to Interface 3, without any gateway.  I found some BSD commands to manipulate from the console but it does not stick.  Has someone had this issue and already found a solution to get pfSense working in this manner?



  • In proper routing a route is literally just a destination network range and the gateway used to reach that network range. So you can't have a route without a gateway.

    Dumping traffic onto an interface is known as a connected network and is using ARP, not routing, to handle traffic. So if you want pfSense to send traffic bound for 172.20.0.0/16 to interface 3 without a gateway then you need to give pfSense an IP in this range on interface 3 and make sure there are no layer 3 devices between pfSense and the client machines on this network.

    I suppose you could put a proxy ARP device of some kind between pfSense and the 172.20.0.0/16 network and then create another /16 subnet between pfSense and the proxy ARP device, but that would just make things complicated.


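The forwarding decision described in the reply above, modelled as an added example that is not part of the thread: a connected network is a route with no gateway, created by addressing the interface, and the firewall then ARPs for the destination itself. Interface names and every address other than 172.20.0.0/16 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    interface: str
    gateway: Optional[ipaddress.IPv4Address]  # None = connected (on-link)

def connected_route(iface, cidr):
    """Route created implicitly by assigning an address to an interface."""
    return Route(ipaddress.ip_interface(cidr).network, iface, None)

def static_route(iface, network, gateway, table):
    """A static route needs a gateway that is itself on a connected network."""
    gw = ipaddress.ip_address(gateway)
    on_link = any(r.gateway is None and r.interface == iface and gw in r.network
                  for r in table)
    if not on_link:
        raise ValueError(f"gateway {gw} is not on-link on {iface}")
    return Route(ipaddress.ip_network(network), iface, gw)

def next_hop(table, dst):
    """Longest-prefix match; returns (interface, address to ARP for)."""
    dst = ipaddress.ip_address(dst)
    matches = [r for r in table if dst in r.network]
    if not matches:
        return None
    best = max(matches, key=lambda r: r.network.prefixlen)
    # Connected route: ARP for the destination. Otherwise: ARP for the gateway.
    target = best.gateway if best.gateway is not None else dst
    return best.interface, str(target)

def build_table(private_wan_cidr=None):
    """Three-interface layout from the question (addresses are constructed)."""
    table = [connected_route("lan", "192.168.1.1/24"),
             connected_route("internet", "198.51.100.2/24")]
    table.append(static_route("internet", "0.0.0.0/0", "198.51.100.1", table))
    if private_wan_cidr:
        table.append(connected_route("private_wan", private_wan_cidr))
    return table

if __name__ == "__main__":
    # No address on interface 3: private traffic follows the default route.
    print(next_hop(build_table(), "172.20.5.9"))
    # Address in 172.20.0.0/16 on interface 3: delivered on-link, no gateway.
    print(next_hop(build_table("172.20.0.2/16"), "172.20.5.9"))
```

Without an address in 172.20.0.0/16 on interface 3, traffic for the private range matches only the default route and leaves via the Internet interface, which is worth checking for after a firewall migration.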