My network is overcomplicated mess, what shall I do to simplify it?

Patch

@Octopuss said in My network is overcomplicated mess, what shall I do to simplify it?:

Wireless is just ... and ceiling lights.
...
I might actually like to restrict the lights!

What wireless AP do you use? In particular does it support VLAN to different SSID?

Octopuss

@Patch I think so. Ruckus R610.

Patch

@Octopuss
The hardware appears to support it https://ruckus.optrics.com/downloads/access-points/ds-ruckus-r610.pdf

However the licensing structure looks complicated so no idea if you actually have access to those features. I have not used that hardware.

If you have access to VLAN's on your AP however creating a VLAN in pfsense and routing it to your AP would enable easily isolating your light switches

Octopuss

Honestly, the lights isolation is not really a prirotity. I'd like to redo the network first to have something to build upon.

Patch

@Octopuss Then just use 2 interfaces.

• Wan only connecting you external Wan line to pfsense WAN port (via your hypervisor and/or pass through)

• LAN net connecting pfsense LAN port to all other local devices (Switch, AP, wifi devices). All on the same DHCP address range.

The physical connections will depend on what physical NICs your hypervisor hardware has.
You can add a separate interface to pfsense later if you want some isolation for of some of your local devices.

Octopuss

@Patch I think that's what I have already. It's just the IP addresses that are a mess. If it doesn't matter what IP does the switch and pfSense have, I'll just move everything wired to a single subnet and call it a day I guess.

Patch

@Octopuss without knowing what interfaces you have set up it is hard to say.
Please post a screenshot of

• Interface -> Interface assignments
• Firewall -> Rules -> What will be your LAN interface for everything

Octopuss

Heh, I have a different problem now.
I simply changed the IP of pfSense, the switch, and changed the IPs of the static DHCP mappings, and now I can't access anything by hostnames anymore.
Does anyone know what might be the problem?
I rebooted both the server and the switch, but it didn't help.

Gertjan

@Octopuss said in My network is overcomplicated mess, what shall I do to simplify it?:

what's the best IP to give to the switch and pfSense. Perhaps I should use the usual 192.168.1.1 for either of those?

Two devices with the same IP in the same network ?
Easy : don't.

Prepare yourself.
Soon, you'll have to chose among (example) :
2001:0db8:0000:0000:0000:0000:0000:0000 and 2001:0db8:0000:0000:ffff:ffff:ffff:ffff

So, you might as well you go straight to the solution everybody will adopt eventually : K.I.S.

Octopuss

@Octopuss said in My network is overcomplicated mess, what shall I do to simplify it?:

Heh, I have a different problem now.
I simply changed the IP of pfSense, the switch, and changed the IPs of the static DHCP mappings, and now I can't access anything by hostnames anymore.
Does anyone know what might be the problem?
I rebooted both the server and the switch, but it didn't help.

switch 192.168.0.2 -> 192.168.1.1
server 192.168.2.1 -> 192.168.1.3
pfSense VM 192.168.0.1 -> 192.168.1.2 (it's still /22)

Now for example, the seedbox I have I changed the mapping from 192.168.2.6 to 192.168.1.8, and can only access it by its IP now, and when I log in, it shows the old IP next to the hostname.
I just don't understand anything anymore.

Octopuss

@Octopuss Ok this is even more bizarre.
The seedbox started working, but TrueNAS doesn't work. It responds to pings to skladiste.local, but the domain I have long ago set in pfSense is lan. What's going on there?

AndyRH

If you are going to change IPs, I would suggest nothing lower than 192.168.4.0/24. Too many things default to 0,1,and 2. I always use even numbers in the 3rd octet in case I decide to change to a /23. (it has never happened at my place)
Start simple, everything on 1 network. Once that is working look at moving something like IoT to a new network. If it goes bad you can simply return to a known working state.

In my case:
.42 is the primary network (the meaning of life, the universe and everything)
.2 is the camera network
.100 is the network with no ad-blocking (PiHole group with only porn lists for this subnet)
.66 is the evil network, Alexa is here (My wife made me do it)
.250 is my rescue network and is LAN on pfSense, it is a physical port on the Netgate device, it is not used except when I screw up.

The various networks have rules allowing traffic as I see fit, such as .42 can get to all except .66. .66 can only get to the internet. .2 has very restricted access to .42, but no others. The list goes on.

This evolved over years and at some point I may have been as complex as you, but I scratched the whole thing and moved to .42 and grew the rest.

While not a direct answer to your questions, I hope it helps.

Octopuss

I declared defeat and restored everything from a backup. I guess there are some setting dug deep in pfSense that I cannot find or whatever.

I really don't know what I'm doing and I might be better off doing a clean server reinstall. Or pfSense itself at the very least.
And maybe a switch cannot be in the same subnet as the router. Or I don't know.
Either way, I'm super pissed. This is way outside of my skills. What seemed like a trivial changing of a few IP adressed turned out to be an entire day completely wasted for nothing.

Octopuss

Out of curiosity though, what should I set default gateway to on the ESXi host and in the IPMI interface? Does it even matter?

Patch

@Octopuss said in My network is overcomplicated mess, what shall I do to simplify it?:

I really don't know what I'm doing and I might be better off doing a clean server reinstall.

Help is likely to be available but you need to provide information to get meaningful help, in particular

@Patch said in My network is overcomplicated mess, what shall I do to simplify it?:

Please post a screenshot of

Interface -> Interface assignments
Firewall -> Rules -> What will be your LAN interface for everything 

The reason is you talk about multiple IP ranges which implies multiple interfaces. To move devices from one interface / address range to another requires knowledge of what network structure you actually have and what specifically you are actually trying to achieve. Vague descriptions are not helpful.

NollipfSense

@Octopuss You had an actual network issue using pfSense...should have posted in the General pfSense Questions.

Octopuss

@NollipfSense said in My network is overcomplicated mess, what shall I do to simplify it?:

@Octopuss You had an actual network issue using pfSense...should have posted in the General pfSense Questions.

So helpful. Wow.

NollipfSense

@Octopuss said in My network is overcomplicated mess, what shall I do to simplify it?:

So helpful. Wow.

I am telling where's best to post your issues instead of Off-Topic & Non-Support for next time if your issue isn't resolved.