PfSense interface and routing
-
OK, what am I missing with this?!?
I have a pfSense system set up with multiple interfaces.
Interface 1: LAN
Interface 2: Internet (FiOS, configured with a gateway address)
Interface 3: Private fiber WAN

A machine on the LAN can get out to the Internet and works well. Interface 3 (Private fiber WAN) is not set up with a routing switch, so there is no 'gateway' for the subnet. The best description would be a traditional home network with a Linksys router. Yes, it has a gateway, but the Linksys router does not know to route back (can't gain access to the Linksys).
The Linux firewall I am replacing with pfSense was able to work with the Private fiber WAN because the interface was setup to not have a gateway address. It simply dumped traffic with that subnet on that interface. (I know, seriously bad… but out of my control).
How can I do something similar on pfSense?
Effectively, it needs to route 172.20.0.0/16 to Interface 3, without any gateway. I found some BSD commands to manipulate from the console but it does not stick. Has someone had this issue and already found a solution to get pfSense working in this manner?
-
In proper routing a route is literally just a destination network range and the gateway used to reach that network range. So you can't have a route without a gateway.
Dumping traffic onto an interface is known as a connected network and is using ARP, not routing, to handle traffic. So if you want pfSense to send traffic bound for 172.20.0.0/16 to interface 3 without a gateway then you need to give pfSense an IP in this range on interface 3 and make sure there are no layer 3 devices between pfSense and the client machines on this network.
I suppose you could put a proxy ARP device of some kind between pfSense and the 172.20.0.0/16 network and then create another /16 subnet between pfSense and the proxy ARP device, but that would just make things complicated.
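To make the answer's distinction concrete, here is a small added example (not from either poster, and not pfSense or FreeBSD code) that models a forwarding table the way a router sees it: assigning an interface an address such as 172.20.0.1/16 produces a "connected" route whose next hop is the destination itself (delivered by ARP), whereas a static route must name an on-link gateway and is rejected without one. The interface names, the FiOS gateway 203.0.113.1 and the sample destinations are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str
    # None means a connected (on-link) network: no gateway, ARP resolves the
    # destination directly on this interface.
    gateway: Optional[ipaddress.IPv4Address] = None


def connected_route(interface: str, addr_with_prefix: str) -> Route:
    """Giving an interface an address like '172.20.0.1/16' implies a route for
    the whole /16 on that interface with no gateway; this is what the answer
    calls a connected network."""
    iface = ipaddress.IPv4Interface(addr_with_prefix)
    return Route(iface.network, interface)


def static_route(table: List[Route], prefix: str, gateway: Optional[str]) -> Route:
    """A proper route is destination network + gateway. The gateway itself must
    sit on a connected network, otherwise the router could never ARP for it."""
    if gateway is None:
        raise ValueError("a route needs a gateway; to reach a network with no "
                         "gateway, give the interface an address inside it instead")
    gw = ipaddress.IPv4Address(gateway)
    for r in table:
        if r.gateway is None and gw in r.prefix:
            return Route(ipaddress.IPv4Network(prefix), r.interface, gw)
    raise ValueError(f"gateway {gw} is not on any connected network")


def lookup(table: List[Route], dst: str) -> Optional[Tuple[str, str]]:
    """Longest-prefix match. Returns (egress interface, next-hop address).
    For a connected route the next hop is the destination itself."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if addr in r.prefix]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: r.prefix.prefixlen)
    next_hop = best.gateway if best.gateway is not None else addr
    return best.interface, str(next_hop)


# Constructed table mirroring the question's three interfaces (names assumed).
TABLE: List[Route] = [
    connected_route("lan", "192.168.1.1/24"),
    connected_route("wan_fios", "203.0.113.10/24"),
    connected_route("fiber_wan", "172.20.0.1/16"),   # the fix: an address in 172.20.0.0/16
]
# Default route out the FiOS side; its gateway is on-link via wan_fios.
TABLE.append(static_route(TABLE, "0.0.0.0/0", "203.0.113.1"))


def next_hop_for(dst: str) -> Optional[Tuple[str, str]]:
    return lookup(TABLE, dst)


def gatewayless_static_route_is_rejected() -> bool:
    """What the asker tried: a static route to 172.20.0.0/16 with no gateway."""
    try:
        static_route(TABLE, "172.20.0.0/16", None)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for d in ("172.20.5.9", "8.8.8.8", "192.168.1.50"):
        print(d, "->", next_hop_for(d))
    print("gateway-less static route rejected:", gatewayless_static_route_is_rejected())
```

Run as-is: traffic to 172.20.5.9 leaves fiber_wan with the client itself as next hop (ARP does the delivery), 8.8.8.8 goes via 203.0.113.1 on wan_fios, and the gateway-less static route is refused, which is the same outcome the asker saw when the console route commands did not stick.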