Changed to Static IP on LAN [SOLVED]

pfsense4life · Aug 2, 2016, 11:42 AM

Hello, I have pfSense running 2.3.1.

I wanted to change my box to static IP's to disable DHCP so I turned it off under "DHCP Server" tab then went to the "Interfaces" tab and to the WAN interface. After changing the static IP from 192.168.1.1 to 10.10.10.20, then changing my windows network IP address to 10.10.10.1, then pointing my browser to 10.10.10.20, no dice…

I'm on my phone typing this out now :-(

What did I do wrong? How can I access this box ever again? Thank you for your help!

Edit: "and to the WAN interface" was meant to read "and to the LAN interface"

muswellhillbilly · Jul 29, 2016, 7:38 AM

I'm making an assumption here (several, actually), but it looks like you've set your WAN and LAN address to be within the same range. This won't work - your LAN and WAN networks need to be different in order for routing and any firewall rules to work at all. If this isn't what you've done, then post your network configuration clearly and with greater detail.

Derelict · Jul 29, 2016, 8:50 AM

It sounds like you are confusing two different things

WAN interfaces have to match up with whatever the ISP provisions. If they say you have to get your IP address with DHCP/PPPoE/Static, you have to set your IP address with DHCP/PPPoE/Static. You can't just change it at will.

LAN interfaces are completely under your control. Those are typically statically set and run a DHCP SERVER so CLIENTS on the LAN segment can be configured using DHCP.

pfsense4life · Jul 29, 2016, 8:52 AM

Hello muswell, thank you for helping me! My WAN was somewhere in the 192.168.1.X range and my LAN was also in that same range (192.168.1.1) and that's when it was working (dhcp using out of the box configuration). So I figured that changing my LAN to another internal range would be fine so I changed it to 10.10.10.20…

I have Suricata and pfBlocker packages installed and highly configured (which took like 5 days straight to set up). The pfBlocker uses unbound if I'm not mistaken because of the DNSBL feature that I'd also enabled.

As for DNS, I was using OpenDNS 208.67.222.222 through 127.0.0.1 because of unbound I believe with DNSSEC enabled.

That's all I can remember right now, but if you have more questions after reading this then I'll try to remember more...thank you!

pfsense4life · Aug 14, 2016, 4:50 PM

@Derelict:

It sounds like you are confusing two different things

WAN interfaces have to match up with whatever the ISP provisions. If they say you have to get your IP address with DHCP/PPPoE/Static, you have to set your IP address with DHCP/PPPoE/Static. You can't just change it at will.

LAN interfaces are completely under your control. Those are typically statically set and run a DHCP SERVER so CLIENTS on the LAN segment can be configured using DHCP.

Whoops, already answered

Derelict · Jul 29, 2016, 9:06 AM

If your WAN was on 192.168.1.1 before, you can't just change it to 10.10.10.20. It has to be on the same subnet as your upstream router's LAN.

Lots of ways to use the wifi in that device without keeping that device upstream.

You need to be more clear about what interfaces you are talking about.

pfsense4life · Jul 29, 2016, 10:43 AM

@Derelict:

If your WAN was on 192.168.1.1 before, you can't just change it to 10.10.10.20. It has to be on the same subnet as your upstream router's LAN.

Lots of ways to use the wifi in that device without keeping that device upstream.

You need to be more clear about what interfaces you are talking about.

Hello Derelict, I just realized now that back in my original post I made a big mistake when I'd said that I changed the WAN to 10.10.10.20…I meant to say I changed the LAN to 10.10.10.20...that was really stupid of me and I didn't mean to write that...

To alleviate this problem with not being able to access the pfSense webGUI since changing the LAN from 192.168.1.1, to 10.10.10.20, can I just disconnect the ethernet from the pfSense WAN, unplug the pfSense box, then plug it back in, and then hopefully access it?

Derelict · Jul 29, 2016, 10:46 AM

If you changed LAN to 10.10.10.20 you need to configure your LAN host to be on the 10.10.10.0/24 subnet and connect to 10.10.10.20 to access the GUI again.

DHCP release/renew will also work if you followed the instructions presented when you changed the interface address that tell you to remember to update the DHCP pool addresses to the new scheme.

pfsense4life · Aug 14, 2016, 4:48 PM

@Derelict:

If you changed LAN to 10.10.10.20 you need to configure your LAN host to be on the 10.10.10.0/24 subnet and connect to 10.10.10.20 to access the GUI again.

DHCP release/renew will also work if you followed the instructions presented when you changed the interface address that tell you to remember to update the DHCP pool addresses to the new scheme.

Mistyped this question here, irrelevant

Derelict · Jul 29, 2016, 11:27 AM

You need to connect to the console and use console option 2 to reassign the IP address for LAN but using a 10.10.10.20/24. That /32 is not right and is likely breaking everything.

No, that's not right. You need to google IP subnet to get some good educational results.

muswellhillbilly · Jul 29, 2016, 11:33 AM

Absolutely. You need to try to understand the concept of netmasks before you do anything else. Setting a /32 mask on your LAN interface means you've masked off all of your internal hosts from accessing the internal interface. Have a look here for a bit more explanation:

https://www.iplocation.net/subnet-mask

pfsense4life · Jul 29, 2016, 12:21 PM

@muswellhillbilly:

Absolutely. You need to try to understand the concept of netmasks before you do anything else. Setting a /32 mask on your LAN interface means you've masked off all of your internal hosts from accessing the internal interface. Have a look here for a bit more explanation:

https://www.iplocation.net/subnet-mask

Hi muswell, thank you for the link! I've avoided subnetting all my life because I always feel like an idiot when trying to understand it…sad yes...that link helps a bit...

pfsense4life · Aug 14, 2016, 4:47 PM

I accidentally gave bad advice to a possible solution here, apologies

pfsense4life · Aug 14, 2016, 4:47 PM

I accidentally gave bad advice to a possible solution here, apologies

Derelict · Jul 29, 2016, 11:58 PM

Looks like you're already logged in. Looks like you changed the admin username. type exit and you should get the console menu.

pfsense4life · Jul 30, 2016, 12:01 PM

@Derelict:

Looks like you're already logged in. Looks like you changed the admin username. type exit and you should get the console menu.

I typed "exit" after logging in as "x" and all it did was go back to a prompt asking me to login…what next?

Derelict · Jul 30, 2016, 7:56 PM

The default configuration does not have a console password.

Try logging in and running /etc/rc.initial

You really should be using the default admin / root account for this. You're getting yourself into the weeds stepping outside the default config without understanding what it really does. You will not be able to change the root password using that account without having installed the sudo package and sudoing to root first, for example.

pfsense4life · Aug 14, 2016, 4:46 PM

I accidentally gave bad advice to a possible solution here, apologies

Derelict · Jul 31, 2016, 6:45 PM

Like I said, you need to use the default admin / root user or use sudo.

Stop logging in as that user you created. Log in as admin or root.

pfsense4life · Jul 31, 2016, 8:21 PM

@Derelict:

Like I said, you need to use the default admin / root user or use sudo.

Stop logging in as that user you created. Log in as admin or root.

I'll try logging in as root and then try different passwords but as I said previously I disabled the default administrative account.