Change IP



  • Hi mates,
    after changing IPs both for LAN and WAN interfaces (and yes, sure, fixed the firewall rules) the system is stuck. It happens every time I try to change IPs.
    I can log and work, set other settings, but it is extremely slow. Sometimes it is unreachable from LAN
    Also updates and additional packages are not downloaded.
    The only way is to reset to factory and restart with a fresh config (with same IP used before), but it changes the Netgate device ID for support.
    Thanks
    Andrea



  • Hi,

    Do a clean install using the console access.
    When "LAN" the wizard comes up, change the default 192.168.1.1/24 to something else.
    DHCP will follow.

    This method works fine, and is functional for a decade, or so.



  • Thank, I know that with a clean install works (as I mentioned). The question is that I can't do a clean install...neither a restore from a xml backup...



  • re: slow, is DNS working after the WAN IP change? If DNS is not working then the dashboard page for example will wait until DNS lookups (e.g. upgrade check) time out before content is shown. Same with other pages and things like package updates.



  • @pama said in Change IP:

    The question is that I can't do a clean install...neither a restore from a xml backup...

    I don't understand.
    So the first hardware issue comes along and your setup is down the drain.
    Is this some installation on a remote site ? (even more a reason to keep things simple, classic and easy).


  • LAYER 8 Global Moderator

    @pama said in Change IP:

    but it changes the Netgate device ID for support.

    It does? Can someone from netgate confirm that? I would think that a real pain in the ass if every time for support..


  • Rebel Alliance Developer Netgate

    A factory reset does not change the Netgate ID. Maybe if it was a VM and they blew away the VM and reinstalled, or moved to a new VM, since that would appear to be different hardware.

    The original problem here sounds an awful lot like the symptoms one sees when they try to use the same subnet on WAN and LAN.


  • LAYER 8 Global Moderator

    @jimp said in Change IP:

    when they try to use the same subnet on WAN and LAN.

    And I think we have a winner.. Ding Ding Ding ;)



  • Here I am!
    Well, the issue is...

    The pfsense is a vm in China. We had a ransomware attack so the local IT company would like to try another firewall with DPI solution.
    They disconnected the NICs from Vsphere and kept the same LAN and WAN IPs for the new firewall.
    Now I would like to restart the pfsense, so I need to change both LAN and WAN IPs. They are in the same subnet.
    That's why I need to change the IPs and I cannot make a factory reset.
    So, any solution?

    Thanks



  • Set LAN only to have access ... ?



  • @gertjan said in Change IP:

    Set LAN only to have access ... ?

    Yep, I have access. But I cannot connect to internet (for updates and packages)



  • Well, I guess you could prepare a script ? config.xml ? that swaps LAN to something else, and puts WAN in the correct network.
    The same config.xml should have NAT rule on WAN for incoming GUI and SSH access.

    But having a pfSense locked in such a place : isn't it useless now ?

    Btw : Interesting issue : blaming the firewall when a "user" installed some random ware ...



  • @gertjan said in Change IP:

    Btw : Interesting issue : blaming the firewall when a "user" installed some random ware ...

    I know, that's why I am fighting against the local IT.
    Now I have access on a vm natted on the "new chinese firewall" and I can work also from Vsphere console, but I wouldn't like to start from scratch just only I need to change two IPs, it is very disappointing!



  • I'm not clear if the WAN and LAN are in the same subnet now, and you're trying to fix that? Because you wouldn't ever change them to the same subnet. If you're trying to swap them, perhaps change one to some other made up subnet temporarily...

    WAN A
    LAN B

    WAN C
    LAN B

    WAN B
    LAN A



  • @teamits
    et's take, for example
    LAN net is 192.168.6.0/24
    WAN net is 20.30.40.0/24 GW 20.30.40.254

    My old IPs are
    LAN 192.168.6.1
    WAN 20.30.40.1 GW 20.30.40.254

    I have changed first LAN address with
    192.168.6.10

    Then WAN address with
    20.30.40.10 GW 20.30.40.254

    The system is stuck. I can connect with a slow refresh to the interface but I cannot browse and/or update the system.



  • OK so the two interfaces are not in the same subnet.

    I have no idea why you would have the trouble you describe, by making those changes. Are you sure neither of those IPs are already in use on other devices?

    Have you tried changing just the LAN IP, and restarting?



  • @teamits said in Change IP:

    Have you tried changing just the LAN IP, and restarting?
    The question is that the WAN IP is now used by another device, so I need to change it too



  • Get actual console access (not SSH) and use option "2" to change the IPs and then reboot it for good measure.



  • @grimson said in Change IP:

    Get actual console access (not SSH) and use option "2" to change the IPs and then reboot it for good measure.

    Already done...



  • @pama said in Change IP:

    the WAN IP is now used by another device

    I was just trying to find out at what step you lose access.
    You should not be losing access.
    If the current WAN IP is in use by another device I would expect both of those to have trouble and would be surprised if you could connect out from the pfSense to the Internet before changing WAN IPs.
    I was trying to suggest the new WAN IP is also in use by another device. That would at least be consistent with your symptoms.



  • @teamits said in Change IP:

    @pama said in Change IP:

    the WAN IP is now used by another device

    I was just trying to find out at what step you lose access.
    You should not be losing access.
    If the current WAN IP is in use by another device I would expect both of those to have trouble and would be surprised if you could connect out from the pfSense to the Internet before changing WAN IPs.
    I was trying to suggest the new WAN IP is also in use by another device. That would at least be consistent with your symptoms.

    Please read from the top...

    The local IT has disconnected pfsense nics from vsphere adn used its ips for the new device.
    the new device is working without any problem, as pfsense before.
    now I want to reconnect pfsense with UNUSED IPS (please, huh? I work in IT from 20 years)



  • @pama said in Change IP:

    The local IT has disconnected pfsense nics from vsphere

    OK but then the symptom of slow web GUI and inability to access updates is to be expected. The slow GUI happens because DNS isn't working and each try must time out on all DNS servers before the GUI moves on.

    I was assuming the NICs were being reconnected after the IP change.

    Not sure where to go from here. The only issue I've had with changing IPs is the rebinding check not allowing the new LAN IP but I think that bug was fixed a while ago.



  • Could there be anything in VMWare that is blocking the new IPs? I haven't used VMWare much, but vaguely recall some issues on our Virtuozzo cluster with ARP tables on the physical host.



  • @teamits said in Change IP:

    @pama said in Change IP:

    The local IT has disconnected pfsense nics from vsphere

    OK but then the symptom of slow web GUI and inability to access updates is to be expected. The slow GUI happens because DNS isn't working and each try must time out on all DNS servers before the GUI moves on.

    I was assuming the NICs were being reconnected after the IP change.

    Not sure where to go from here. The only issue I've had with changing IPs is the rebinding check not allowing the new LAN IP but I think that bug was fixed a while ago.

    pfsense can query the dns without any problem...