[SOLVED] Changed LAN now have Firewall TCP:SA issues
Hello all, already followed all the troubleshooting steps I found at https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules and the problem still exists so I am hoping someone here can help.
I recently went into Interfaces > LAN1 and changed the CIDR notation from 24 to 23 in order to double the number of IP addresses on LAN1. I did not change the static IPv4 address for LAN1 which remains at 192.168.0.1.
I then went to Services > DHCP Server > LAN1 and changed the range from 192.168.0.30 to 192.168.0.150 to instead be 192.168.1.30 to 192.168.1.150. I confirmed that the Subnet is now 192.168.0.0, Subnet mask is now 255.255.254.0, and available range now shows 192.168.0.1 - 192.168.1.254.
I then went to Firewall > NAT > Outbound and updated each mapping pertaining to source 192.168.0.0/24 so that source was now 192.168.0.0/23.
All clients having an IP address between 192.168.0.2 - 192.168.0.254 work as expected; however, any client using an address received via DHCP in the new range of 192.168.1.30 - 192.168.1.150 cannot access any of the clients in the original network range of 192.168.0.2 - 192.168.0.254.
Here is what appears in the firewall log:
Mar 9 12:31:12 LAN1 192.168.0.7:443 192.168.1.58:49694 TCP:SA
Mar 9 12:31:12 LAN1 192.168.0.7:443 192.168.1.58:49695 TCP:SA
Since the steps to fix TCP:SA issues listed on the above website did not work, does anyone have any ideas what I did wrong and how to fix it? My only goal is to increase the range of IP addresses available on our LAN.
Thanks in advance!
Never mind everybody.
This was just bad luck of the draw on my part. Had I tried connecting to any one of our other servers instead of always testing to the same one (i.e., 192.168.0.7), I would have figured it out sooner.
The system that I was trying to connect to (i.e., 192.168.0.7) simply wasn't updating its network configuration. It still believed the old subnet mask was 255.255.255.0 instead of 255.255.254.0. A complete restart fixed it and I am not having problems connecting to any of our other servers as they all know the updated network details.
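The blocked TCP:SA entries in the first post already point at the cause found in the follow-up: a SYN-ACK between two addresses inside the same /23 should never be routed through the firewall, so the sender must still be using the old mask. As an added example (not part of the original posts), this Python script flags such senders; the log format is assumed to match the lines quoted in the post, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the two log lines from the post plus one unrelated entry.
SAMPLE_LOG = """\
Mar 9 12:31:12 LAN1 192.168.0.7:443 192.168.1.58:49694 TCP:SA
Mar 9 12:31:12 LAN1 192.168.0.7:443 192.168.1.58:49695 TCP:SA
Mar 9 12:31:15 LAN1 192.168.1.58:51000 203.0.113.10:443 TCP:S
"""

# Interface network as configured on the firewall (from the post: LAN1 is now a /23).
INTERFACES = {"LAN1": ipaddress.ip_network("192.168.0.0/23")}
OLD_PREFIX = 24  # prefix length before the change, per the post

# Assumed log layout: timestamp, interface, src:port, dst:port, TCP:flags
LINE_RE = re.compile(
    r"^(?P<ts>\w+ +\d+ [\d:]+) (?P<iface>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) TCP:(?P<flags>\w+)$"
)

def on_link(host, peer, prefix):
    """True if a host configured with this prefix length treats peer as directly reachable."""
    net = ipaddress.ip_interface(f"{host}/{prefix}").network
    return ipaddress.ip_address(peer) in net

def find_stale_mask_hosts(log_text, interfaces=INTERFACES, old_prefix=OLD_PREFIX):
    """Return {source_ip: set of peers} for SYN-ACKs that reached the firewall
    although both endpoints sit inside the interface's own subnet."""
    suspects = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["flags"] != "SA" or m["iface"] not in interfaces:
            continue
        net = interfaces[m["iface"]]
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        if src in net and dst in net:
            # Same-subnet traffic should stay on the wire. If the old prefix makes
            # the peer look off-link, the sender still uses the old mask and hands
            # its reply to the default gateway, which never saw the SYN.
            if not on_link(m["src"], m["dst"], old_prefix):
                suspects.setdefault(m["src"], set()).add(m["dst"])
    return suspects

if __name__ == "__main__":
    for host, peers in find_stale_mask_hosts(SAMPLE_LOG).items():
        print(f"{host}: replies to {sorted(peers)} went via the gateway; check its subnet mask")
```

Every source address it reports is a host whose own network settings should be checked before changing firewall rules.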