PfSense Newbie Help Requested
-
Hi everyone,
This is my first time installing pfSense and I was able to install it just fine. My LAN works perfectly, but I can't seem to access the internet over my WAN connection. I know I am missing something or doing something horribly wrong here. Any help would be appreciated.
Here is my setup:
LAN: 192.168.1.0/24 (pfSense ip is 192.168.1.1) [em0]
WAN: Static IP DSL - 64.81.37.134/32 - Gateway: 64.81.37.1 [em1]
I can ping anything inside the 192.168.1.x space, but can't ping any ip address on the WAN connection.
There is an entry in my system log that says this:
kernel: arpresolve: can't allocate route for 64.81.37.1
I KNOW those static settings work for the DSL line because if I plug it into my cheapo linksys router it works perfectly.
I haven't set up any firewall rules yet, but I thought the default would be to allow outbound traffic and block inbound.
If anyone has any ideas send em my way.
-
SOLVED:
I called my OpenBSD friend and we figured it out. Everything worked peachy when I switched my WAN interface to a /24. For some reason /32 (which I thought should be 1 ip) was giving a netmask of 0xffffffff which will never ever work. Why does a /32 get that netmask?
-
This is CIDR notation:
http://en.wikipedia.org/wiki/CIDR
-
SOLVED:
I called my OpenBSD friend and we figured it out. Everything worked peachy when I switched my WAN interface to a /24. For some reason /32 (which I thought should be 1 ip) was giving a netmask of 0xffffffff which will never ever work. Why does a /32 get that netmask?
The netmask tells the host which other IPs fall within the same subnet.
A CIDR notation of /24 tells the host that it is on the x.y.z.0 subnet, the broadcast address is x.y.z.255 and that any IPs within this range (non-inclusive of .0 and .255) are hosts within the same subnet.
Hence, the first valid IP is x.y.z.1 and the last is x.y.z.254. Giving a total of 254 valid IP addresses or calculated from the CIDR: ( 2 power of (32-CIDR num) ) - 2
I don't think /32 is even possible to use (I might be wrong though) since there is only one valid IP. At least, in your case, I don't think it's possible.
-
Here's an excerpt of the log of my PPPoE session being established with the IP address redacted. Note the netmask :)
[pppoe] exec: /sbin/ifconfig ng0 x.x.x.157 x.x.x.254 netmask 0xffffffff -link0
-
This is something PPPoE specific that doesn't apply to normal ethernet.
-
Yah, after reading this the next day I fully realize my mistake with the notation. When I checked my Linksys settings I found that I was using 255.255.255.0 [/24] anyway. You ever beat your head against a wall so many times figuring something out that you stop thinking clearly?
LOL, I had such a hard time just getting pfSense installed on a machine that would detect all the network cards and this mistake happened towards the end of a very long day. I gotta remember to take a break sometimes. ;)
Completely IMHO, I think it would be nice if you could put in the actual subnet rather than the / notation in pfSense. It is a little bit more user friendly as most people are used to that notation if they haven't had a ton of networking experience. Also, once you get beyond /24 it becomes a bit of a mental stretch to figure them out. Just my 2 cents.
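-
The netmask arithmetic discussed in this thread, as an added example that is not part of any post: it uses Python's standard ipaddress module to show what a host derives from the WAN address with a /32 versus a /24 prefix, and whether the gateway 64.81.37.1 falls inside the resulting subnet. The function names describe and prefix_from_netmask are made up for this example.

```python
import ipaddress


def describe(addr_with_prefix, gateway):
    """Return what a host derives from an interface address/prefix and a gateway."""
    iface = ipaddress.ip_interface(addr_with_prefix)
    net = iface.network
    return {
        "network": str(net),
        "netmask": str(net.netmask),
        # Same form ifconfig prints, e.g. 0xffffffff for a /32
        "netmask_hex": "0x%08x" % int(net.netmask),
        "broadcast": str(net.broadcast_address),
        "addresses": net.num_addresses,
        # A gateway outside the interface's subnet is not on-link,
        # so the host cannot ARP for it on that interface.
        "gateway_on_link": ipaddress.ip_address(gateway) in net,
    }


def prefix_from_netmask(dotted):
    """Convert a dotted netmask (255.255.255.0) to its CIDR prefix length.

    Raises ValueError for a mask whose one-bits are not contiguous.
    """
    return ipaddress.ip_network("0.0.0.0/" + dotted).prefixlen


if __name__ == "__main__":
    # Addresses taken from the first post of the thread.
    for cfg in ("64.81.37.134/32", "64.81.37.134/24"):
        info = describe(cfg, "64.81.37.1")
        print(cfg)
        for key, value in info.items():
            print("   %-16s %s" % (key, value))
    print("255.255.255.0 -> /%d" % prefix_from_netmask("255.255.255.0"))
```

With /32 the subnet holds only 64.81.37.134 itself, so the gateway is reported as not on-link; with /24 it is.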