WAN upgrade from /29 to /28

  • Hi Guys

    This is my first post as I'm new to pfSense, I really love the software, brilliant stuff!!!!

    Probably a really stupid question but here goes:

    I have a pfSense sitting on my ESXi box in a data center, when I first installed it for testing I was given a /29 IP block, I told the ISP that I will be needing to increase this to a /28 so they reserved the rest of the IP block for me. The time has now come to increase my IP block, do I simply just edit the WAN subnet from /29 to /28 or do I have to run the initial setup again.


  • @kenttec said in WAN upgrade from /29 to /28:

    do I simply just edit the WAN subnet from /29 to /28

    I believe you answered your question...you can also try editing and see what happens!

  • Cheers for the response.

    I want to do this work remotely, If it wasn't hosted in a data center and was a home lab, I'd happily give it a go and see what happens. Only problem is, if it doesn't work, I'll have to get remote hands or make my 1 hour journey.

    Was hoping someone has done something similar to this, like editing the existing WAN

  • @kenttec Hopefully, others will chime in...I understand your situation.

  • @NollipfSense I know its a bit of an odd one as usually you'd get a fresh bunch of IP's/subnet/gateway when going from /29 to /28. 😎

  • LAYER 8

    the only thing that change from /29 to /28 is the max host available from 6 to 14, if the block of addresses remains the same
    you just need to change netmask from /29 to /28

  • @kiokoman Thats good news, so I can do this remotley in GUI and then ask ISP to initiate changes

  • LAYER 8

    you can do it before or after it doesn't really matter,your connection will not disrupt, the gateway remain the same

  • @kiokoman Oh OK, I thought you needed the correct subnet for connectivity to work, so I could change it now and still have connectivity? Then contact ISP Monday

  • LAYER 8

    buh, i tried it on my config and i didn't lost connectivity , i have a /29 where i have my ip added as virtual ips, i changed my wan interface to /28 and nothing happened 😂

  • @kiokoman thank you for testing it and confirming. That’s great news.

  • Rebel Alliance Developer Netgate

    It may also depend on where your block is allocated. a /29 could start in the middle of a /28. But if the network address of both is the same, then you're probably OK.

    For example:

    • goes from - (with 32 being the network address and 47 being the broadcast)
    • is contained within and goes from - (same network ID, but 39 as broadcast)


    • is also contained within but goes from - (with 40 being network ID, 47 as broadcast)

    So if your /29 and /28 use the same network ID then you probably only need to adjust the subnet mask. But if the /29 started halfway into a /28, then you may want to make other adjustments as well. Like if your firewall is using the first usable IP address, you might want to shift that down to match the new subnet.

    Run the old and new subnet through a subnet calculator to be certain.

  • @jimp Thanks for the heads up, Im not aware of my /28 addresses yet so I will hold fire on adjusting anything.

Log in to reply