Non-RFC1918 LAN: possible?
-
I have a question that is a bit hard to research as I don't have much success in googling "non-RFC1918 LAN pfsense" ...
My question:
I have to deploy a new SG-1100 pfsense to a site that uses 192.6.1.0/24 as LAN subnet. No idea why they chose that, for sure this is not an RFC1918 subnet, so it might get routed through the internet. A change of subnet ... better not, too many legacy Thin Clients and stuff around.
Yesterday I set up the SG-1100 and configured the interfaces. To me it seems that some hidden firewall rules ("default deny" ?) also conflict with my setup. Sometimes the GUI seems to stop reacting ...
I wonder if I have to configure some exception somewhere if I use that subnet. And I'd like to know that before I send them the appliance and don't have physical access anymore.
thanks
-
I think it works but as it is plugged into a switch in my local LAN (which is different), the LAN interface gets hammered with packets (UDP ..) from my other systems. Dropping and logging them seems to stress the box a bit.
I will compare the performance with only my laptop plugged into its LAN iface.
-
@sgw said in Non-RFC1918 LAN: possible?:
A change of subnet ... better not, too many legacy Thin Clients and stuff around.
Do those devices use static or DHCP addresses? If DHCP, it shouldn't be much of a problem to change the subnet.
-
Just run through the setup wizard and change the LAN to that. Nothing special about it.
Should renumber it though, of course. It is allocated to Hewlett-Packard for future reference when they can't download printer drivers or something and you are pulling your hair out.
-
@sgw said in Non-RFC1918 LAN: possible?:
I think it works but as it is plugged into a switch in my local LAN (which is different), the LAN interface gets hammered with packets (UDP ..) from my other systems. Dropping and logging them seems to stress the box a bit.
I will compare the performance with only my laptop plugged into its LAN iface.
Generally one would test in that environment by putting the WAN interface on your LAN and putting a test device behind the router. If you are connecting LAN to an existing LAN you are probably putting a second DHCP server on your LAN and that will cause nothing but problems for the other hosts on that network.
-
@Derelict said in Non-RFC1918 LAN: possible?:
Generally one would test in that environment by putting the WAN interface on your LAN and putting a test device behind the router. If you are connecting LAN to an existing LAN you are probably putting a second DHCP server on your LAN and that will cause nothing but problems for the other hosts on that network.
At first I had the WAN plugged into my switch via DHCP to be able to upgrade and install packages, for this I disabled the firewall temporarily (and added a rule which allowed me to access the WebGUI).
After that I plugged the LAN interface into my switch instead, and added an IP address to my desktop PC that matches the target subnet of the customer pfsense, so I can access the box via its LAN. Works so far but seems a bit sluggish: maybe to be expected when it has to drop all the packages from a different subnet?
-
Botched-up configuration...change that LAN to RFC1918.
-Rico
-
@Derelict said in Non-RFC1918 LAN: possible?:
Just run through the setup wizard and change the LAN to that. Nothing special about it.
Should renumber it though, of course. It is allocated to Hewlett-Packard for future reference when they can't download printer drivers or something and you are pulling your hair out.
Yes, I am aware of that and will recommend that.
After I only plugged in my laptop the filter logs were silent so I assume it will just work there. Currently the package is on its way ... test follows later this week. Thanks.
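
Added example, not part of the thread: a Python check that classifies a LAN subnet against the three RFC 1918 blocks and lists which destinations are hidden behind it, which is the side effect of using publicly allocated space that the replies warn about. Only 192.6.1.0/24 comes from the thread; the function names and the destination addresses are constructed for illustration.

```python
import ipaddress

# The three private-use blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_lan(cidr):
    """Classify a LAN subnet as 'rfc1918', 'special-purpose' or 'public'."""
    net = ipaddress.ip_network(cidr, strict=True)
    if any(net.subnet_of(block) for block in RFC1918):
        return "rfc1918"
    # Other reserved space (CGNAT, documentation nets, link-local ...) is
    # not RFC 1918 but is not globally routed either.
    if not (net.network_address.is_global and net.broadcast_address.is_global):
        return "special-purpose"
    return "public"


def shadowed(lan_cidr, destinations):
    """Return destinations that fall inside the LAN subnet.

    Clients treat these as on-link and the firewall has a connected route
    for them, so the real Internet hosts at those addresses are unreachable.
    """
    net = ipaddress.ip_network(lan_cidr, strict=True)
    return [d for d in destinations if ipaddress.ip_address(d) in net]


def audit(lan_cidr, destinations):
    """Combine both checks into one report dictionary."""
    kind = classify_lan(lan_cidr)
    hidden = shadowed(lan_cidr, destinations) if kind == "public" else []
    return {"lan": lan_cidr, "class": kind, "shadowed": hidden}


if __name__ == "__main__":
    # Constructed sample destinations; only the LAN subnet comes from the thread.
    sample = ["192.6.1.25", "192.6.2.10", "198.51.100.7"]
    for lan in ("192.6.1.0/24", "192.168.1.0/24", "100.64.0.0/24"):
        print(audit(lan, sample))
```

Running the same audit before shipping an appliance shows at a glance whether the configured LAN overlaps address space that clients may later need to reach on the Internet.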