Feature #972
closedAllow adding gateways outside of interface subnet
100%
Description
Gateways outside of the interface's IP subnet, on Ethernet links, cannot be added under normal circumstances as it's not really a valid config and FreeBSD won't add the default gateway as normal, and will not issue ARP requests for IPs outside of directly connected subnets. The work around to add such a gateway is to run:
# route add -net gatewayip/32 -iface em0 -cloning # route add default gatewayip
Updated by Seth Mos about 14 years ago
As I understood from Remko Lodder there is a large ISP in .de that also employs this with their ipv6 configuration. Odd.
Updated by Iñigo Martinez about 14 years ago
Gateway test should check in both subnet interface and IP ALIAS subnet.
At this moment, only subnet interface is checked, but not subnet ip alias.
Updated by Franck Bourdonnec over 13 years ago
well, OVH big big french provider is also using this king of setup
A well english detailled big page explain all here
http://blog.magiksys.net/pfsense-firewall-default-gateway-different-subnet
Please implement your two lines fix asap when you detect the strange configuration !
Issue a warning if you want, but don't forbide it.
Franck
Updated by Mike Noordermeer over 12 years ago
This is an rather large issue for me, since my ISP is using HSRP for redundancy on IPv6, and they provide me a link-local address as gateway... I can't enter that address into PFSense and thus can't use an IPv6 IP.
Updated by Jim Pingle over 12 years ago
AT&T is doing this now on their network handing off DHCP with a /32 mask with certain uverse gear like the NVG510, so when we fix this, we'll need to also account for supporting this inside of dhclient-script
Updated by Jim Pingle over 11 years ago
Apparently -cloning has been deprecated in FreeBSD, so that parameter should be removed from the above command.
# route add -net gatewayip/32 -iface em0 # route add default gatewayip
Updated by Oliver K. almost 11 years ago
Three years and counting... How is this still not implemented / patched?
Updated by Chris Buechler almost 11 years ago
because accommodating 1 in 100,000 scenarios isn't a priority, especially when there is an easy manual work around. Patches welcome.
Updated by Dan F almost 11 years ago
What would be the "correct" way to make this survive reboots, please?
Updated by Dédé D almost 11 years ago
Hi Dan,
I felt in the same trouble, and I the idea I have found to survive reboot is using the ShellCmd package : https://doc.pfsense.org/index.php/Executing_commands_at_boot_time
I added the workaround lines in comment #6, and it works (OVH Hyper-V 2008 guest VM).
Updated by Jim Thompson about 9 years ago
- Assignee set to Chris Buechler
PR #2119 claims to fix this and #1847
Please evaluate and report.
Updated by Jim Thompson about 9 years ago
- Target version changed from Future to 2.3
target set to 2.3
change it back if we don't want to add this now.
Looks like a low-drama PR though.
Updated by Chris Buechler about 9 years ago
- Category set to Gateways
- Status changed from New to Feedback
It works, went ahead and merged it. The deletion doesn't happen correctly, added a comment to that PR, hopefully PiBa can follow up with a fix there.
Leaving for verification again once it's in a snapshot.
Updated by Pi Ba about 9 years ago
- % Done changed from 0 to 100
Applied in changeset de34f1fc12f29db0348f8ff9b1bc8300d9fb74d2.
Updated by Chris Buechler almost 9 years ago
- Status changed from Feedback to Resolved
these are added and removed correctly now