Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfSense interface and routing

    General pfSense Questions
    2
    2
    369
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rcilink last edited by

      OK, what am I missing with this?!?

      I have a pfSense system setup with multiple interfaces.

      Interface 1: LAN
      Interface 2: Internet (FiOS, configured with a gateway address)
      Interface 3: Private fiber WAN ***

      A machine on the LAN can get out to the Internet and works well. The Interface 3 (Private fiber WAN) is not setup with a routing switch, so there is not a 'gateway' for the subnet. The best description would be a traditional home network with a Linksys router. Yes, it has a gateway, but the linksys router does not know to route back (can't gain access to linksys).

      The Linux firewall I am replacing with pfSense was able to work with the Private fiber WAN because the interface was setup to not have a gateway address.  It simply dumped traffic with that subnet on that interface. (I know, seriously bad… but out of my control).

      How can I do something similar on pfSense?

      Effectively, it needs to route 172.20.0.0/16 to Interface 3, without any gateway.  I found some BSD commands to manipulate from the console but it does not stick.  Has someone had this issue and already found a solution to get pfSense working in this manner?

      1 Reply Last reply Reply Quote 0
      • A
        antillie last edited by

        In proper routing a route is literally just a destination network range and the gateway used to reach that network range. So you can't have a route without a gateway.

        Dumping traffic onto an interface is known as a connected network and is using ARP, not routing, to handle traffic. So if you want pfSense to send traffic bound for 172.20.0.0/16 to interface 3 without a gateway then you need to give pfSense an IP in this range on interface 3 and make sure there are no layer 3 devices between pfSense and the client machines on this network.

        I suppose you could put a proxy ARP device of some kind between pfSense and the 172.20.0.0/16 network and then create another /16 subent between pfSense and the proxy ARP device, but that would just make things complicated.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy