> > I have a ? / feature request. If pfS IS NOT the default GW on the LAN
> > then I suppose that the only way to direct all traffic out the
> > "REAL/PRIMARY" GW is to enter a static route for the LAN subnet to an
> > alternate IP address (that of the default GW for the LAN).
> I believe you can enter a route with destination 0.0.0.0/0, which is the
> same as your default route. Mind you, that will override your WAN's
> default gateway (or they might fight with each other and really screw
> stuff up, depending on the situation).

If you have a LAN setup w/ the PRIMARY GW as something other than the pfS LAN IP then you have to route traffic appropriately and therefore you need to have pfS point to it (PRIMARY GW) as the default GW for the LAN. Say for example: LAN subnet 192.168.100.0/24 and to have a default GW of 192.168.100.1 then you plunk in a pfS box to do site to site VPN, then you have to route to have two way conversation (from the other side of the VPN) w/ clients that have 192.168.100.1 as their default GW.

> > I think that this would be a real nice feature addition for those who
> > are adding pfS to their already existing LAN, for say a dedicated test
> > platform, or dedicated VPN concentrator .... or a plethora of other
> > reasons.
> in that type of situation, you either need your pfsense WAN interface
> connected to your LAN (hence the default gateway will be correct), or if
> you have public IP's to spare, the LAN interface can be on your LAN, and
> the WAN on the Internet, and you would still not need any static routes
> unless your LAN contains subnets other than the primary LAN subnet.

Maybe I am missing something then, as I have this exact setup. And for site2site communications through the VPN (where pfS IS NOT the default GW on either end of the tunnel) I have to enter static routes for the talks to establish. Keeping in mind that the PRIMARY GW has static routes in it for the "far" end subnets of the tunnel with the GW as the pfS LAN IP for those subnets.

I could provide a diagram via gif snapshot but fear that it will not come through (as I have had issues with this before).
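
The return-path problem discussed in this thread, as an added example that is not part of any poster's message: a longest-prefix-match lookup showing where a LAN client's reply to the far side of the tunnel goes, with and without the static route on the primary gateway. The pfSense LAN IP (192.168.100.254), the far-end subnet (192.168.200.0/24) and the `isp-uplink` label are assumptions; the LAN subnet and default gateway are the ones given above.

```python
import ipaddress

PRIMARY_GW = "192.168.100.1"        # LAN default gateway, from the thread
PFSENSE_LAN = "192.168.100.254"     # assumed pfSense LAN address
REMOTE_NET = "192.168.200.0/24"     # assumed subnet at the far end of the VPN
REMOTE_HOST = "192.168.200.10"      # assumed host in that subnet


def route(prefix, gateway):
    return (ipaddress.ip_network(prefix), gateway)


def next_hop(table, dst):
    """Return the gateway of the most specific route that covers dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[1]


# A LAN client only knows its own subnet and the primary gateway.
CLIENT = [route("192.168.100.0/24", "on-link"), route("0.0.0.0/0", PRIMARY_GW)]

# Primary gateway before and after adding the static route for the far subnet.
GW_BEFORE = [route("192.168.100.0/24", "on-link"), route("0.0.0.0/0", "isp-uplink")]
GW_AFTER = GW_BEFORE + [route(REMOTE_NET, PFSENSE_LAN)]


def reply_path(client_table, gw_table, dst):
    """Hops a client's reply takes: first the client's choice, then the gateway's."""
    hops = [next_hop(client_table, dst)]
    if hops[0] == PRIMARY_GW:
        hops.append(next_hop(gw_table, dst))
    return hops


if __name__ == "__main__":
    # Without the static route the reply leaves via the uplink and the
    # tunnel conversation never completes.
    print("before:", reply_path(CLIENT, GW_BEFORE, REMOTE_HOST))
    # With it, the primary gateway hands the reply back to pfSense.
    print("after: ", reply_path(CLIENT, GW_AFTER, REMOTE_HOST))
```
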
