In the previous article, I covered configuring a gateway, and in this article I will build on that by using the gateway in a pfSense static route. Static routing is a method of configuring path selection of routers in computer networks. It is the type of routing that takes place in the absence of communication between routers regarding the current topology of the network. This is accomplished by manually adding routes to the routing table.
An entire network could be configured using static routes, but it would not be fault tolerant. When there is a change in the network or there is a failure between two static nodes, traffic will not be rerouted. There are, however, times when static routes can improve the performance of a network. Two such examples are:
- Stub networks: A stub network is a network or part of an internetwork with no knowledge of other networks that will typically send all of its non-local traffic out via a single path, with the network only aware of a default route to non-local destinations. Examples include an enterprise LAN that connects to the corporate router via one router, or a single LAN which never carries packets between multiple routers.
- Default routes: A default route is the rule that takes effect when no other route can be determined for an IP address. All packets for destinations that have no entry of their own in the routing table are sent via the default route. In IPv4, the default route is designated as the zero-address (0.0.0.0); a destination that does not match any other route falls back to this route. You can see the routing table under UNIX/Linux by typing “netstat -r” at the command line. You can see the routing table under Windows by typing “route print” at the command line.
While excessive reliance on static routing is generally not a good idea, it often proves useful and therefore it is advantageous to know how to configure a pfSense static route.
pfSense Static Route Configuration
In this example, I will use the gateway created in the previous article (DMZ_Gateway). For purposes of this example, assume the topology of the network does not provide a path to the DMZ. There is an FTP server on the DMZ that we want to access.
First, navigate to System -> Routing. There are three tabs (“Gateways”, “Routes”, “Groups”); click on the “Routes” tab and click the “plus” button to add a new route. At “Destination”, type in the IP address of the destination network, which in our case is the DMZ network (assume it is 192.168.3.0). At the drop-down box, select the number of bits in the subnet mask (assume it is 24). At “Gateway”, choose the gateway we defined in the previous article, or whichever gateway is appropriate. At “Description”, you can enter a description of the route (e.g. “Static route to the DMZ”). Press the “Save” button to save the changes, and at the next screen, press the “Apply changes” button if necessary.
By defining a pfSense static route, we have now hard-coded a path to the DMZ, and we can access it through this static route. This gateway can now also be used by other users of this firewall.
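To see what the new route changes, the following added example (not part of the original article, and not pfSense code) models the routing table as a longest-prefix-match lookup and shows where traffic for the DMZ FTP server goes before and after the static route exists. Only the 192.168.3.0/24 network and the DMZ_Gateway name come from the article; the gateway addresses, the LAN subnet and the FTP server address are constructed assumptions.

```python
import ipaddress

# Constructed sample table: the WAN gateway and LAN subnet are assumptions.
BASE_TABLE = [
    ("0.0.0.0/0", "WAN_GW 203.0.113.1"),          # default route
    ("192.168.1.0/24", "directly connected LAN"),
]
# The static route from the article; the gateway address is an assumption.
STATIC_ROUTE = ("192.168.3.0/24", "DMZ_Gateway 192.168.2.254")


def lookup(table, destination):
    """Return (network, gateway) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(destination)
    best = None
    for cidr, gateway in table:
        net = ipaddress.ip_network(cidr)
        # Among matching routes, the most specific (longest prefix) wins.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best


def falls_to_default(table, destination):
    """True when only the default route (prefix length 0) matches."""
    match = lookup(table, destination)
    return match is not None and match[0].prefixlen == 0


if __name__ == "__main__":
    ftp_server = "192.168.3.10"  # constructed address for the DMZ FTP server
    tables = (("before", BASE_TABLE), ("after", BASE_TABLE + [STATIC_ROUTE]))
    for label, table in tables:
        net, gw = lookup(table, ftp_server)
        note = " (default route only)" if falls_to_default(table, ftp_server) else ""
        print(f"{label}: {ftp_server} -> {net} via {gw}{note}")
```

Before the static route is added, the only match for the DMZ address is 0.0.0.0/0, so internal traffic would be handed to the default gateway instead of reaching the DMZ; checking for that condition is a quick way to audit a routing table for internal subnets that lack a route of their own.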