Change IP

Gertjan

Hi,

Do a clean install using the console access.
When "LAN" the wizard comes up, change the default 192.168.1.1/24 to something else.
DHCP will follow.

This method works fine, and is functional for a decade, or so.

pama

Thank, I know that with a clean install works (as I mentioned). The question is that I can't do a clean install...neither a restore from a xml backup...

SteveITS

re: slow, is DNS working after the WAN IP change? If DNS is not working then the dashboard page for example will wait until DNS lookups (e.g. upgrade check) time out before content is shown. Same with other pages and things like package updates.

Gertjan

@pama said in Change IP:

The question is that I can't do a clean install...neither a restore from a xml backup...

I don't understand.
So the first hardware issue comes along and your setup is down the drain.
Is this some installation on a remote site ? (even more a reason to keep things simple, classic and easy).

johnpoz

@pama said in Change IP:

but it changes the Netgate device ID for support.

It does? Can someone from netgate confirm that? I would think that a real pain in the ass if every time for support..

jimp

A factory reset does not change the Netgate ID. Maybe if it was a VM and they blew away the VM and reinstalled, or moved to a new VM, since that would appear to be different hardware.

The original problem here sounds an awful lot like the symptoms one sees when they try to use the same subnet on WAN and LAN.

johnpoz

@jimp said in Change IP:

when they try to use the same subnet on WAN and LAN.

And I think we have a winner.. Ding Ding Ding ;)

pama

Here I am!
Well, the issue is...

The pfsense is a vm in China. We had a ransomware attack so the local IT company would like to try another firewall with DPI solution.
They disconnected the NICs from Vsphere and kept the same LAN and WAN IPs for the new firewall.
Now I would like to restart the pfsense, so I need to change both LAN and WAN IPs. They are in the same subnet.
That's why I need to change the IPs and I cannot make a factory reset.
So, any solution?

Thanks

Gertjan

Set LAN only to have access ... ?

pama

@gertjan said in Change IP:

Set LAN only to have access ... ?

Yep, I have access. But I cannot connect to internet (for updates and packages)

Gertjan

Well, I guess you could prepare a script ? config.xml ? that swaps LAN to something else, and puts WAN in the correct network.
The same config.xml should have NAT rule on WAN for incoming GUI and SSH access.

But having a pfSense locked in such a place : isn't it useless now ?

Btw : Interesting issue : blaming the firewall when a "user" installed some random ware ...

pama

@gertjan said in Change IP:

Btw : Interesting issue : blaming the firewall when a "user" installed some random ware ...

I know, that's why I am fighting against the local IT.
Now I have access on a vm natted on the "new chinese firewall" and I can work also from Vsphere console, but I wouldn't like to start from scratch just only I need to change two IPs, it is very disappointing!

SteveITS

I'm not clear if the WAN and LAN are in the same subnet now, and you're trying to fix that? Because you wouldn't ever change them to the same subnet. If you're trying to swap them, perhaps change one to some other made up subnet temporarily...

WAN A
LAN B

WAN C
LAN B

WAN B
LAN A

pama

@teamits
et's take, for example
LAN net is 192.168.6.0/24
WAN net is 20.30.40.0/24 GW 20.30.40.254

My old IPs are
LAN 192.168.6.1
WAN 20.30.40.1 GW 20.30.40.254

I have changed first LAN address with
192.168.6.10

Then WAN address with
20.30.40.10 GW 20.30.40.254

The system is stuck. I can connect with a slow refresh to the interface but I cannot browse and/or update the system.

SteveITS

OK so the two interfaces are not in the same subnet.

I have no idea why you would have the trouble you describe, by making those changes. Are you sure neither of those IPs are already in use on other devices?

Have you tried changing just the LAN IP, and restarting?

pama

@teamits said in Change IP:

Have you tried changing just the LAN IP, and restarting?
The question is that the WAN IP is now used by another device, so I need to change it too

Grimson

Get actual console access (not SSH) and use option "2" to change the IPs and then reboot it for good measure.

pama

@grimson said in Change IP:

Get actual console access (not SSH) and use option "2" to change the IPs and then reboot it for good measure.

Already done...

SteveITS

@pama said in Change IP:

the WAN IP is now used by another device

I was just trying to find out at what step you lose access.
You should not be losing access.
If the current WAN IP is in use by another device I would expect both of those to have trouble and would be surprised if you could connect out from the pfSense to the Internet before changing WAN IPs.
I was trying to suggest the new WAN IP is also in use by another device. That would at least be consistent with your symptoms.

pama

@teamits said in Change IP:

@pama said in Change IP:

the WAN IP is now used by another device

I was just trying to find out at what step you lose access.
You should not be losing access.
If the current WAN IP is in use by another device I would expect both of those to have trouble and would be surprised if you could connect out from the pfSense to the Internet before changing WAN IPs.
I was trying to suggest the new WAN IP is also in use by another device. That would at least be consistent with your symptoms.

Please read from the top...

The local IT has disconnected pfsense nics from vsphere adn used its ips for the new device.
the new device is working without any problem, as pfsense before.
now I want to reconnect pfsense with UNUSED IPS (please, huh? I work in IT from 20 years)