I need to migrate a Linux machine to some kind of router distribution; I've chosen pfSense for this. The problem is that the WAN configuration used on the Linux machine is really crappy; however, this can't be changed right now. Current configuration:
auto eth2
iface eth2 inet static
    address 123.123.123.1
    netmask 255.255.255.255
    network 123.123.123.1
    broadcast 123.123.123.1
    up route add -host 123.123.123.4 eth2 || true
    up route add default gw 123.123.123.4 eth2
The crappy thing about this is that it routes from eth0 to eth2; eth0 is a 123.123.123.0/24 subnet and eth2 uses 123.123.123.4, so an IP out of the subnet of eth0, as next hop. I tried getting this configuration to work using pfSense, therefore:
// pfSense WAN configuration
static IP: 123.123.123.1/24
gateway: 123.123.123.4
This seems to work; however, I had to use a /24 net, while in the original Linux configuration there is a /32 on the WAN side. Is this a problem? What's the practical difference between these? I couldn't use /32 on the pfSense WAN, as pfSense expects the gateway to be in the subnet of the WAN IP.
Update:
My current configuration now looks like this:
// pfSense WAN configuration
static IP: 123.456.789.1/29
gateway: 123.456.789.4
// pfSense LAN configuration
static IP: 123.456.789.1/24
- NAT is disabled
When using this configuration I can't access the web interface anymore; it works again when I reset the WAN IP. Does anyone know how to get the routing working / access the web interface with this configuration? I know this config sucks, but as WAN and LAN are different interfaces, shouldn't pfSense be able to distinguish between them?
You need to use whatever the real mask of that subnet is, as provided by your ISP. It won't be /32. /24 may be too big of a subnet depending, in which case you'll break connectivity to other customers of your ISP.
You can use a 123.123.123.1/29; that's the minimal supernet that contains .1 and .4.
Problems exist only if you want to reach other hosts within this network that lie outside this layer 2. Basically you have to deal with the "longest prefix matches" way routing works.
How did you configure eth2 on the pfSense Box?
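An added example, not part of the original thread, of the longest-prefix-match behaviour the answers above refer to: it compares the original /32-plus-host-route setup with a /29 on the WAN side and lists which addresses of the LAN /24 end up routed out of the WAN interface. It uses the 123.123.123.x addresses from the question; the LAN/WAN labels and the helper names are illustrative assumptions.

```python
import ipaddress

def connected(addr_with_mask, iface):
    """Connected route implied by configuring addr/mask on an interface."""
    return (ipaddress.ip_interface(addr_with_mask).network, iface)

def route(prefix, iface):
    """Explicit route (host route, subnet route or default)."""
    return (ipaddress.ip_network(prefix), iface)

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def shadowed(table, lan_prefix, lan_iface="LAN"):
    """Addresses inside lan_prefix that the table sends out another interface."""
    net = ipaddress.ip_network(lan_prefix)
    return [str(a) for a in net if lookup(table, a)[1] != lan_iface]

LAN = route("123.123.123.0/24", "LAN")   # eth0 subnet as stated in the question
DEFAULT = route("0.0.0.0/0", "WAN")      # default route via 123.123.123.4

# Original Linux box: /32 on the WAN side plus a host route to the gateway.
linux_table = [LAN, route("123.123.123.4/32", "WAN"), DEFAULT]
# pfSense with the /29 from the answer configured on the WAN side.
pfsense_29 = [LAN, connected("123.123.123.1/29", "WAN"), DEFAULT]

if __name__ == "__main__":
    for name, table in (("linux /32", linux_table), ("pfSense /29", pfsense_29)):
        print(name, "-> LAN addresses routed out WAN:",
              shadowed(table, "123.123.123.0/24"))
        for dst in ("123.123.123.4", "123.123.123.6", "123.123.123.50", "8.8.8.8"):
            net, iface = lookup(table, dst)
            print(f"  {dst:15} via {iface} ({net})")
```

With the host route only the gateway address is pulled out of the LAN /24, while the /29 pulls out the whole 123.123.123.0 to 123.123.123.7 block, so LAN hosts numbered in that range would be looked for on the WAN segment.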