Netgate Discussion Forum

Static route with interface

Routing and Multi WAN
6 Posts 3 Posters 2.0k Views
  • K
    klona
    last edited by May 18, 2015, 5:24 PM May 18, 2015, 4:59 PM

    Hi,
    I just got a second WAN, and the modem is in bridge mode. It gives IP, DNS & gateway to pfSense, with the correct MAC spoofing.
    The ISP forces DHCP, no way to use a static config for security reasons.

    Only problem is the gateway, with an IP outside the WAN network.

    I can make it work with:
    route add -inet xxx.xxx.xxx.254 -link -iface em2

    But after some time (10 minutes, it seems) the connection fails, no traffic anymore to the gateway.
    I should add that I monitor one of the DNS servers for the online check, and a continuous ping always gives me a 10ms ping, stable and always there.

    Route is still there in netmap -nr, but no more traffic even 1 hour later.

    If I disable the WAN2 interface, re-enable it, then add the route again, it starts to work again.

    I guess that some SSH hacking in routes is not a good idea with a GUI/database router as Pfsense, so I tried to add this route in the interface.

    In System/routing/route, I can add a static route, but only to WAN2 IP range, not to WAN2 interface (em2)

    Any idea?

    • H
      heper
      last edited by May 18, 2015, 5:20 PM

      https://forum.pfsense.org/index.php?topic=85996.0

      • K
        klona
        last edited by May 18, 2015, 11:40 PM

        Hi, thanks for pointing me to this post, I did not find it.

        I have a static IP, so it should be easier.

        But my ISP forces DHCP, and the DHCP server gives the gateway.
        Routing to an IP from the GUI should internally create a rule like:
        route add -inet 185.4.79.254  -link  -inet 185.4.79.254 as 185.4.79.254 is the gateway from DHCP and identify my WAN in static rules, but is also my real GW..

        And my CLI route add -inet 185.4.79.254/32 -link -iface em2 is working. Except it cuts out every 10 min for 10 min if I do not reset the WAN interface before..

        Klona

        • K
          klona
          last edited by May 19, 2015, 11:36 PM

          Hi.

          I really don't understand. And the more I test, the less I understand.

          The modem is in bridge mode, and gives through DHCP the IP, mask, DNS, and a gateway outside the IP subnet.  OK
          Adding the route through the console does the trick and internet access is OK… For 10 minutes approx.
          Then it's down for approx 10 min. Then up again, etc..

          I tried with Ipcop on a VM, no problem. I also tried with a Cisco Meraki, no problem.

          I also have another ISP, modem in bridge mode, stable for months with my Pfsense.

          Does anyone have a clue or even just an idea how to log and identify this problem?

          • R
            rubic
            last edited by May 20, 2015, 2:57 AM

            It would be interesting to see what DHCP options the server gives to you. Could you please post a packet capture of DHCPACK?

            • K
              klona
              last edited by May 20, 2015, 4:29 PM

              Hi, thanks,
              I didn't know about packet capture inside pfSense. Great tool.

              16:11:59.654405 00:0c:29:4f:xx:xx > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)
                  185.45.xx.xx.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 00:0c:29:4f:bf:8a, length 300, xid 0x713f4345, Flags [none] (0x0000)
                Client-Ethernet-Address 00:0c:29:4f:xx:xx
                Vendor-rfc1048 Extensions
                  Magic Cookie 0x63825363
                  DHCP-Message Option 53, length 1: Request
                  Requested-IP Option 50, length 4: 185.45.xx.xx
                  Client-ID Option 61, length 7: ether 00:0c:29:4f:xx:xx
                  Hostname Option 12, length 7: "pfsense"
                  Parameter-Request Option 55, length 9:
                    Subnet-Mask, BR, Time-Zone, Classless-Static-Route
                    Default-Gateway, Domain-Name, Domain-Name-Server, Hostname
                    Option 119

              16:11:59.770129 e0:97:96:a2:xx:xx > 00:0c:29:4f:xx:xx, ethertype IPv4 (0x0800), length 342: (tos 0x0, ttl 63, id 50246, offset 0, flags [DF], proto UDP (17), length 328)
                  172.16.100.xx.67 > 185.45.xx.xx.68: [udp sum ok] BOOTP/DHCP, Reply, length 300, hops 1, xid 0x713f4345, Flags [none] (0x0000)
                Your-IP 185.45.xx.xx
                Gateway-IP 172.16.102.xx
                Client-Ethernet-Address 00:0c:29:4f:xx:xx
                Vendor-rfc1048 Extensions
                  Magic Cookie 0x63825363
                  DHCP-Message Option 53, length 1: ACK
                  Server-ID Option 54, length 4: 172.16.100.xx
                  Lease-Time Option 51, length 4: 150000
                  Subnet-Mask Option 1, length 4: 255.255.255.255
                  Default-Gateway Option 3, length 4: 185.4.79.254
                  Domain-Name-Server Option 6, length 8: 178.250.xx.xx,178.250.xx.xx

              I am going to get some full Wireshark logs at up and down times and try to find some clue..

              1 Reply Last reply Reply Quote 0
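Added example, not part of the original posts: a Python sketch that reads a DHCPACK decoded in the same tcpdump layout as the capture above and reports whether the Default-Gateway (option 3) lies inside the subnet implied by Your-IP and Subnet-Mask (option 1). The sample text and its addresses are constructed, and `parse_reply` and `check_gateway` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample in the same `tcpdump -v` layout as the capture in the
# thread; addresses are documentation ranges, not the poster's real values.
SAMPLE_ACK = """\
    Your-IP 198.51.100.23
    Vendor-rfc1048 Extensions
      Magic Cookie 0x63825363
      DHCP-Message Option 53, length 1: ACK
      Lease-Time Option 51, length 4: 150000
      Subnet-Mask Option 1, length 4: 255.255.255.255
      Default-Gateway Option 3, length 4: 203.0.113.254
"""

# One pattern per field, matching the option labels as printed in the thread.
FIELDS = {
    "your_ip": re.compile(r"^\s*Your-IP\s+(\S+)", re.M),
    "msg_type": re.compile(r"DHCP-Message Option 53, length 1:\s*(\S+)"),
    "lease": re.compile(r"Lease-Time Option 51, length 4:\s*(\d+)"),
    "mask": re.compile(r"Subnet-Mask Option 1, length 4:\s*(\S+)"),
    "routers": re.compile(r"Default-Gateway Option 3, length \d+:\s*(\S+)"),
}


def parse_reply(text):
    """Pull the lease fields out of one decoded BOOTP/DHCP reply."""
    out = {}
    for name, rx in FIELDS.items():
        m = rx.search(text)
        if m is None:
            raise ValueError(f"field {name!r} not found in capture text")
        out[name] = m.group(1)
    return out


def check_gateway(text):
    """Return (network, gateways, off_link_gateways) for a DHCPACK."""
    f = parse_reply(text)
    if f["msg_type"] != "ACK":
        raise ValueError("not a DHCPACK")
    # Network the client is told it lives in (a /32 contains only itself).
    net = ipaddress.ip_interface(f"{f['your_ip']}/{f['mask']}").network
    gws = [ipaddress.ip_address(g) for g in f["routers"].split(",")]
    # Gateways outside that network need an explicit on-link host route.
    off_link = [g for g in gws if g not in net]
    return net, gws, off_link


if __name__ == "__main__":
    net, gws, off = check_gateway(SAMPLE_ACK)
    print(f"network {net}, gateways {gws}, off-link {off}")
```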