    Non-RFC1918 LAN: possible?

    • S
      sgw last edited by

      I have a question that is a bit hard to research as I don't have much success in googling "non-RFC1918 LAN pfsense" ...

      My question:

      I have to deploy a new SG-1100 pfsense to a site that uses 192.6.1.0/24 as LAN subnet. No idea why they chose that; for sure this is not an RFC1918 subnet, so it might get routed through the internet.

      A change of subnet ... better not, too many legacy Thin Clients and stuff around.

      Yesterday I set up the SG-1100 and configured the interfaces. To me it seems that some hidden firewall rules ("default deny" ?) also conflict with my setup. Sometimes the GUI seems to stop reacting ...

      I wonder if I have to configure some exception somewhere if I use that subnet. And I'd like to know that before I send them the appliance and don't have physical access anymore.

      thanks

      • S
        sgw last edited by

        I think it works but as it is plugged into a switch in my local LAN (which is different), the LAN interface gets hammered with packets (UDP ..) from my other systems. Dropping and logging them seems to stress the box a bit.

        I will compare the performance with only my laptop plugged into its LAN iface.

        • JKnott
          JKnott @sgw last edited by

          @sgw said in Non-RFC1918 LAN: possible?:

          A change of subnet ... better not, too many legacy Thin Clients and stuff around.

          Do those devices use static or DHCP addresses? If DHCP, it shouldn't be much of a problem to change the subnet.

          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Just run through the setup wizard and change the LAN to that. Nothing special about it.

            Should renumber it though, of course. It is allocated to Hewlett-Packard for future reference when they can't download printer drivers or something and you are pulling your hair out.

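Added example, not part of any post in this thread: a Python check that flags LAN subnets lying outside RFC 1918 and lists which destination addresses a LAN such as 192.6.1.0/24 would shadow. The function names and the sample subnets and destinations are constructed for illustration.

```python
import ipaddress

# RFC 1918 private-use blocks: the only ranges this check accepts for a LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(subnet):
    """True only if the whole subnet lies inside one RFC 1918 block."""
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(block) for block in RFC1918)


def audit_lan_subnets(subnets):
    """Return the subnets that are not RFC 1918 and may collide with internet hosts."""
    return [s for s in subnets if not is_rfc1918(s)]


def shadowed_destinations(lan_subnet, destinations):
    """Return the destinations that fall inside the LAN subnet.

    LAN hosts treat these addresses as on-link and never send the traffic
    to the gateway, so the real internet hosts at those addresses are
    unreachable from inside the LAN.
    """
    net = ipaddress.ip_network(lan_subnet)
    return [d for d in destinations if ipaddress.ip_address(d) in net]


if __name__ == "__main__":
    # Constructed sample data: the subnet from the thread plus edge cases.
    lans = ["192.6.1.0/24",      # subnet from the thread
            "192.168.10.0/24",   # inside 192.168.0.0/16
            "172.32.0.0/24",     # just past the end of 172.16.0.0/12
            "192.168.0.0/15"]    # straddles the 192.168.0.0/16 boundary
    for s in audit_lan_subnets(lans):
        print("not RFC 1918:", s)

    # Constructed destination addresses, not real hosts of any vendor.
    dests = ["192.6.1.25", "192.6.2.25", "8.8.8.8"]
    for d in shadowed_destinations("192.6.1.0/24", dests):
        print("unreachable from the LAN:", d)
```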
            • Derelict
              Derelict LAYER 8 Netgate @sgw last edited by

              @sgw said in Non-RFC1918 LAN: possible?:

              I think it works but as it is plugged into a switch in my local LAN (which is different), the LAN interface gets hammered with packets (UDP ..) from my other systems. Dropping and logging them seems to stress the box a bit.

              I will compare the performance with only my laptop plugged into its LAN iface.

              Generally one would test in that environment by putting the WAN interface on your LAN and putting a test device behind the router. If you are connecting LAN to an existing LAN you are probably putting a second DHCP server on your LAN and that will cause nothing but problems for the other hosts on that network.

              • S
                sgw @Derelict last edited by

                @Derelict said in Non-RFC1918 LAN: possible?:

                Generally one would test in that environment by putting the WAN interface on your LAN and putting a test device behind the router. If you are connecting LAN to an existing LAN you are probably putting a second DHCP server on your LAN and that will cause nothing but problems for the other hosts on that network.

                At first I had the WAN plugged into my switch via DHCP to be able to upgrade and install packages; for this I disabled the firewall temporarily (and added a rule which allowed me to access the WebGUI).

                After that I plugged the LAN interface into my switch instead, and added an IP address to my desktop PC that matches the target subnet of the customer pfsense, so I can access the box via its LAN. Works so far but seems a bit sluggish: maybe to be expected when it has to drop all the packages from a different subnet?

                • Rico
                  Rico LAYER 8 Rebel Alliance last edited by

                  Botched-up configuration...change that LAN to RFC1918.

                  -Rico

                  • S
                    sgw @Derelict last edited by

                    @Derelict said in Non-RFC1918 LAN: possible?:

                    Just run through the setup wizard and change the LAN to that. Nothing special about it.

                    Should renumber it though, of course. It is allocated to Hewlett-Packard for future reference when they can't download printer drivers or something and you are pulling your hair out.

                    Yes, I am aware of that and will recommend that.
                    After I only plugged in my laptop the filter logs were silent so I assume it will just work there. Currently the package is on its way ... test follows later this week. Thanks.
