Changed to Static IP on LAN [SOLVED]



  • Hello, I have pfSense running 2.3.1.

    I wanted to change my box to static IP's to disable DHCP so I turned it off under "DHCP Server" tab then went to the "Interfaces" tab and to the WAN interface. After changing the static IP from 192.168.1.1 to 10.10.10.20, then changing my windows network IP address to 10.10.10.1, then pointing my browser to 10.10.10.20, no dice…

    I'm on my phone typing this out now :-(

    What did I do wrong?  How can I access this box ever again?  Thank you for your help!

    Edit: "and to the WAN interface" was meant to read "and to the LAN interface"



  • I'm making an assumption here (several, actually), but it looks like you've set your WAN and LAN address to be within the same range. This won't work - your LAN and WAN networks need to be different in order for routing and any firewall rules to work at all. If this isn't what you've done, then post your network configuration clearly and with greater detail.


  • LAYER 8 Netgate

    It sounds like you are confusing two different things

    WAN interfaces have to match up with whatever the ISP provisions. If they say you have to get your IP address with DHCP/PPPoE/Static, you have to set your IP address with DHCP/PPPoE/Static. You can't just change it at will.

    LAN interfaces are completely under your control. Those are typically statically set and run a DHCP SERVER so CLIENTS on the LAN segment can be configured using DHCP.



  • Hello muswell, thank you for helping me!  My WAN was somewhere in the 192.168.1.X range and my LAN was also in that same range (192.168.1.1) and that's when it was working (dhcp using out of the box configuration).  So I figured that changing my LAN to another internal range would be fine so I changed it to 10.10.10.20…

    I have Suricata and pfBlocker packages installed and highly configured (which took like 5 days straight to set up).  The pfBlocker uses unbound if I'm not mistaken because of the DNSBL feature that I'd also enabled.

    As for DNS, I was using OpenDNS 208.67.222.222 through 127.0.0.1 because of unbound I believe with DNSSEC enabled.

    That's all I can remember right now, but if you have more questions after reading this then I'll try to remember more...thank you!



  • @Derelict:

    It sounds like you are confusing two different things

    WAN interfaces have to match up with whatever the ISP provisions. If they say you have to get your IP address with DHCP/PPPoE/Static, you have to set your IP address with DHCP/PPPoE/Static. You can't just change it at will.

    LAN interfaces are completely under your control. Those are typically statically set and run a DHCP SERVER so CLIENTS on the LAN segment can be configured using DHCP.

    Whoops, already answered


  • LAYER 8 Netgate

    If your WAN was on 192.168.1.1 before, you can't just change it to 10.10.10.20. It has to be on the same subnet as your upstream router's LAN.

    Lots of ways to use the wifi in that device without keeping that device upstream.

    You need to be more clear about what interfaces you are talking about.



  • @Derelict:

    If your WAN was on 192.168.1.1 before, you can't just change it to 10.10.10.20. It has to be on the same subnet as your upstream router's LAN.

    Lots of ways to use the wifi in that device without keeping that device upstream.

    You need to be more clear about what interfaces you are talking about.

    Hello Derelict, I just realized now that back in my original post I made a big mistake when I'd said that I changed the WAN to 10.10.10.20…I meant to say I changed the LAN to 10.10.10.20...that was really stupid of me and I didn't mean to write that...

    To alleviate this problem with not being able to access the pfSense webGUI since changing the LAN from 192.168.1.1, to 10.10.10.20, can I just disconnect the ethernet from the pfSense WAN, unplug the pfSense box, then plug it back in, and then hopefully access it?


  • LAYER 8 Netgate

    If you changed LAN to 10.10.10.20 you need to configure your LAN host to be on the 10.10.10.0/24 subnet and connect to 10.10.10.20 to access the GUI again.

    DHCP release/renew will also work if you followed the instructions presented when you changed the interface address that tell you to remember to update the DHCP pool addresses to the new scheme.



  • @Derelict:

    If you changed LAN to 10.10.10.20 you need to configure your LAN host to be on the 10.10.10.0/24 subnet and connect to 10.10.10.20 to access the GUI again.

    DHCP release/renew will also work if you followed the instructions presented when you changed the interface address that tell you to remember to update the DHCP pool addresses to the new scheme.

    Mistyped this question here, irrelevant


  • LAYER 8 Netgate

    You need to connect to the console and use console option 2 to reassign the IP address for LAN but using a 10.10.10.20/24. That /32 is not right and is likely breaking everything.

    No, that's not right. You need to google IP subnet to get some good educational results.



  • Absolutely. You need to try to understand the concept of netmasks before you do anything else. Setting a /32 mask on your LAN interface means you've masked off all of your internal hosts from accessing the internal interface. Have a look here for a bit more explanation:

    https://www.iplocation.net/subnet-mask



  • @muswellhillbilly:

    Absolutely. You need to try to understand the concept of netmasks before you do anything else. Setting a /32 mask on your LAN interface means you've masked off all of your internal hosts from accessing the internal interface. Have a look here for a bit more explanation:

    https://www.iplocation.net/subnet-mask

    Hi muswell, thank you for the link!  I've avoided subnetting all my life because I always feel like an idiot when trying to understand it…sad yes...that link helps a bit...



  • I accidentally gave bad advice to a possible solution here, apologies



  • I accidentally gave bad advice to a possible solution here, apologies


  • LAYER 8 Netgate

    Looks like you're already logged in. Looks like you changed the admin username. type exit and you should get the console menu.



  • @Derelict:

    Looks like you're already logged in. Looks like you changed the admin username. type exit and you should get the console menu.

    I typed "exit" after logging in as "x" and all it did was go back to a prompt asking me to login…what next?


  • LAYER 8 Netgate

    The default configuration does not have a console password.

    Try logging in and running /etc/rc.initial

    You really should be using the default admin / root account for this. You're getting yourself into the weeds stepping outside the default config without understanding what it really does. You will not be able to change the root password using that account without having installed the sudo package and sudoing to root first, for example.



  • I accidentally gave bad advice to a possible solution here, apologies


  • LAYER 8 Netgate

    Like I said, you need to use the default admin / root user or use sudo.

    Stop logging in as that user you created. Log in as admin or root.



  • @Derelict:

    Like I said, you need to use the default admin / root user or use sudo.

    Stop logging in as that user you created. Log in as admin or root.

    I'll try logging in as root and then try different passwords but as I said previously I disabled the default administrative account.



  • Logged in successfully but now the Dashboard keeps saying "Unable to check for updates" and I can't view my installed packages or available packages under the Package Manager due to an error "unable to retrieve package information".  This is of course despite having internet access to the pfSense box and having downloaded my AV updates etc on my Windows PC…

    Is that indicative of some new significant issue since I had to console and restart so many dozens of times trying to fix my prior issue?


  • LAYER 8 Global Moderator

    JFC dude really??  Seems like you borked the shit out of your install..  As to not finding updates this going going to be dns related.. What is the pfsense using for dns?  Are you running the default resolver (unbound) or dnsmasq the forwarder?  Where does pfsense point for dns?

    Weeks to redo your setup??  Sorry but I just call BS on that to be honest..  Do you have hundreds of vlans all with different rules?  Take a backup of your firewall rules, clean install and reload your firewall rules.  Should be all of a few minutes.



  • @johnpoz:

    JFC dude really??  Seems like you borked the shit out of your install..  As to not finding updates this going going to be dns related.. What is the pfsense using for dns?  Are you running the default resolver (unbound) or dnsmasq the forwarder?  Where does pfsense point for dns?

    Weeks to redo your setup??  Sorry but I just call BS on that to be honest..  Do you have hundreds of vlans all with different rules?  Take a backup of your firewall rules, clean install and reload your firewall rules.  Should be all of a few minutes.

    I said a week (didn't say weeks) of my free time to set up my box from a default configuration…suffice it to say that I have a complicated setup and quite a few packages...Snort usually eats up the most time to tune properly

    I'm using DNS resolver unbound 127.0.0.1 which then points to my default gateway IP address...last night I disabled the resolver and it didn't help...

    It does indeed seem that I have borked my install...shame on me...bummer...since other people are having similar problems I suppose I'll try their proposed method of consoling into the device and upgrading via option 13 I believe it was...



  • Solved


  • LAYER 8 Global Moderator

    And what was the issue?  Snort?



  • @johnpoz:

    And what was the issue?  Snort?

    I couldn't determine what caused the inability to check for updates or access the Package Manager, but I solved the issue by accessing the console via serial and using option 13 to update.  After a reboot the update check and Package Manager functionality worked like a champ.


  • LAYER 8 Global Moderator

    so reboot?



  • @johnpoz:

    so reboot?

    No it wasn't a reboot that fixed it, it was consoling into the pfSense box and upgrading via option 13, which involved a reboot of course.


  • LAYER 8 Global Moderator

    And how do you know this.. Did you reboot it and still have issues with finding updates via gui?

    Why was it not finding if there was an update?  Was it saying you were on latest, or was it saying could not check?  Could not check is a dns or network related issue.

    How many packages do you have installed? Snort can be finicky!!


Log in to reply