WAN upgrade from /29 to /28

kenttec

Hi Guys

This is my first post as I'm new to pfSense, I really love the software, brilliant stuff!!!!

Probably a really stupid question but here goes:

I have a pfSense sitting on my ESXi box in a data center, when I first installed it for testing I was given a /29 IP block, I told the ISP that I will be needing to increase this to a /28 so they reserved the rest of the IP block for me. The time has now come to increase my IP block, do I simply just edit the WAN subnet from /29 to /28 or do I have to run the initial setup again.

Cheers

NollipfSense

@kenttec said in WAN upgrade from /29 to /28:

do I simply just edit the WAN subnet from /29 to /28

I believe you answered your question...you can also try editing and see what happens!

kenttec

Cheers for the response.

I want to do this work remotely, If it wasn't hosted in a data center and was a home lab, I'd happily give it a go and see what happens. Only problem is, if it doesn't work, I'll have to get remote hands or make my 1 hour journey.

Was hoping someone has done something similar to this, like editing the existing WAN

NollipfSense

@kenttec Hopefully, others will chime in...I understand your situation.

kenttec

@NollipfSense I know its a bit of an odd one as usually you'd get a fresh bunch of IP's/subnet/gateway when going from /29 to /28.

kiokoman

the only thing that change from /29 to /28 is the max host available from 6 to 14, if the block of addresses remains the same
you just need to change netmask from /29 to /28

kenttec

@kiokoman Thats good news, so I can do this remotley in GUI and then ask ISP to initiate changes

kiokoman

you can do it before or after it doesn't really matter,your connection will not disrupt, the gateway remain the same

kenttec

@kiokoman Oh OK, I thought you needed the correct subnet for connectivity to work, so I could change it now and still have connectivity? Then contact ISP Monday

kiokoman

buh, i tried it on my config and i didn't lost connectivity , i have a /29 where i have my ip added as virtual ips, i changed my wan interface to /28 and nothing happened

kenttec

@kiokoman thank you for testing it and confirming. That’s great news.

jimp

It may also depend on where your block is allocated. a /29 could start in the middle of a /28. But if the network address of both is the same, then you're probably OK.

For example:

• 198.51.100.32/28 goes from 198.51.100.33 - 198.51.100.46 (with 32 being the network address and 47 being the broadcast)
• 198.51.100.32/29 is contained within 198.51.100.32/28 and goes from 198.51.100.33 - 198.51.100.38 (same network ID, but 39 as broadcast)

However:

• 198.51.100.40/29 is also contained within 198.51.100.32/28 but goes from 198.51.100.41 - 198.51.100.46 (with 40 being network ID, 47 as broadcast)

So if your /29 and /28 use the same network ID then you probably only need to adjust the subnet mask. But if the /29 started halfway into a /28, then you may want to make other adjustments as well. Like if your firewall is using the first usable IP address, you might want to shift that down to match the new subnet.

Run the old and new subnet through a subnet calculator to be certain.

kenttec

@jimp Thanks for the heads up, Im not aware of my /28 addresses yet so I will hold fire on adjusting anything.