Reader E-Mail: Gateways

It’s the weekend, and I thought I would use it as an opportunity to catch up on e-mails for this site. I came across the following message in my inbox:

Hi, I’m enjoying reading your setup guides; you have obviously put in a lot of time and effort.
In this article about gateways you haven’t really explained why you would want to add a gateway. Adding an unrequired gateway to an internal interface is a very common setup error that can cause problems for new users. In the majority of setups you would never need to manually add a gateway.
Anyway, keep up the good work!

Admittedly, my article on gateways may have caused some confusion, so hopefully I can clear it up here.

In most cases, the “gateway” is simply the network interface to which remote traffic is directed. This will simply be the IP address of the router in the case of most home or SOHO networks, and we don’t need to configure anything separately; it is enough to know what the default gateway is so we can use it to set up nodes on our side of the router. In cases where DHCP is used, the systems get this information from the router used as a DHCP server, so knowing the gateway IP may not even be necessary (though helpful if something goes wrong). Assume, for example, that we have a relatively simple home network, with several computers connected to a switch, and the uplink port of the switch connected to the router. All computers on the local network have a network prefix of, and the router (which, we will conveniently assume, is a pfSense box) has an IP address of Our nodes have similar IP addresses, such as,, and so on.

Let’s assume that is sending a frame to Since the address is local, the sending system can use Address Resolution Protocol (ARP), a protocol for resolving network layer addresses into link layer addresses, to find the MAC address of the destination node. Each node maintains its own ARP table, and the MAC address may well be in that table. If it isn’t, however, the sending node can send a broadcast frame to all nodes on the local network to find out which node is If is online, it will respond with an ARP reply. The sending node will get the ARP reply, store the MAC address for in its ARP table, and send a frame with the MAC address of as the destination.

If, however, wants to send a frame to, say, (the address of this site), then there is a different outcome. The system should recognize this address as being outside the network. As a result, the sending system will create packets with the remote system’s IP address and create frames with the default gateway’s MAC address (this is our pfSense box at When the default gateway receives the frame, it will strip off the frame, inspect the IP packets, and wrap them in whatever type of frame the outgoing connection needs. It will then send them out through the WAN interface, in the hope that someone upstream can direct the packets to their destination.
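
The local-versus-remote decision described above, as an added Python example that is not part of the original article. The class and method names (`Host`, `next_hop`, `resolve`, `build_frame`) are hypothetical, all IP and MAC addresses are constructed sample values, and the ARP broadcast is modelled as a lookup in a shared dictionary of online nodes.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"  # where a real ARP request frame is addressed


class Host:
    """A LAN node that picks the destination MAC for an outgoing frame."""

    def __init__(self, ip, prefix_len, mac, default_gateway, lan):
        self.iface = ipaddress.ip_interface(f"{ip}/{prefix_len}")
        self.default_gateway = ipaddress.ip_address(default_gateway)
        self.lan = lan            # shared dict: IP -> MAC of nodes that are online
        self.arp_table = {}       # this node's own ARP cache
        self.arp_requests = []    # IPs this node had to broadcast for
        lan[self.iface.ip] = mac

    def next_hop(self, dst):
        """On-link destinations are reached directly, all others via the gateway."""
        dst = ipaddress.ip_address(dst)
        return dst if dst in self.iface.network else self.default_gateway

    def resolve(self, ip):
        """Return the MAC for ip from the ARP cache, broadcasting on a miss."""
        if ip not in self.arp_table:
            self.arp_requests.append(ip)   # "who has <ip>?" sent to BROADCAST_MAC
            reply = self.lan.get(ip)       # only an online owner answers
            if reply is None:
                return None                # no ARP reply, so no frame can be built
            self.arp_table[ip] = reply     # cache the answer for later frames
        return self.arp_table[ip]

    def build_frame(self, dst):
        """Return (destination MAC, destination IP) for a packet to dst.

        The IP header always carries the real destination; only the frame's
        MAC changes depending on whether dst is local or remote.
        """
        return (self.resolve(self.next_hop(dst)), str(ipaddress.ip_address(dst)))


# Constructed sample network: a router (the gateway) and two PCs on one /24.
GATEWAY_IP = "192.168.1.1"
LAN = {ipaddress.ip_address(GATEWAY_IP): "00:00:5e:00:53:01"}
pc_a = Host("192.168.1.10", 24, "00:00:5e:00:53:0a", GATEWAY_IP, LAN)
pc_b = Host("192.168.1.11", 24, "00:00:5e:00:53:0b", GATEWAY_IP, LAN)

local = pc_a.build_frame("192.168.1.11")    # on-link: addressed to pc_b's MAC
remote = pc_a.build_frame("203.0.113.10")   # off-link: addressed to the gateway's MAC
```

Calling `build_frame` a second time for another remote address reuses the cached gateway MAC, so no further ARP request is recorded.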

I think this is a fairly straightforward explanation of the gateway’s role in a network, but a lot of readers of this blog may be more knowledgeable than I am and may have their own views. If anyone has anything to contribute to this discussion, feel free to comment.



© 2013 David Zientara. All rights reserved.