Process to Change WAN IP Addresses?
-
Hi guys, We are currently using 2 virtual instances of pfSense 1.2 RELEASE. We have a dual WAN setup with 2 blocks of different IP addresses. We are moving to a new colo facility in a couple weeks and so we will need re-assign IP addresses along with all the NAT and Virtual IPs in PfSense.
What is the best process for doing this type of move? We are also moving to a single WAN with just more addreses to keep things simpler so we do not need to keep managing 2 WANs.
Where in the pfSense interface should we reconfigure our new IP addresses? Or do we need to do something right when the system boots up? Since we no longer need the WAN2 interface can we just clear that out after we have re-assigned all our rules/NAT settings?
Any other issues or should this be a pretty straight forward thing to do? Anyone who has done this type of migration with pfSense before?
Thanks in advance for any guidance or suggestions!
-
Hi guys, We are currently using 2 virtual instances of pfSense 1.2 RELEASE. We have a dual WAN setup with 2 blocks of different IP addresses. We are moving to a new colo facility in a couple weeks and so we will need re-assign IP addresses along with all the NAT and Virtual IPs in PfSense.
What is the best process for doing this type of move? We are also moving to a single WAN with just more addreses to keep things simpler so we do not need to keep managing 2 WANs.
Where in the pfSense interface should we reconfigure our new IP addresses? Or do we need to do something right when the system boots up? Since we no longer need the WAN2 interface can we just clear that out after we have re-assigned all our rules/NAT settings?
Any other issues or should this be a pretty straight forward thing to do? Anyone who has done this type of migration with pfSense before?
Thanks in advance for any guidance or suggestions!
You can change the WAN IP from Interfaces -> WAN -> Static IP Configuration.
Along with SSH, I reckon that's the bare minimum you'd require to make any other configuration changes even remotely. -
Thanks for the reply. Any idea what happens to all the virtual ips and rules if you change the WAN interface IP first? I assume it just ignores them then at that point and I can go in and reassign to new values?
-
Thanks for the reply. Any idea what happens to all the virtual ips and rules if you change the WAN interface IP first? I assume it just ignores them then at that point and I can go in and reassign to new values?
Never used virtual IP's so I can't comment on that. I do have some static IP's, I just never needed to use them and don't see a need to buy a Vlan capable switch to use them.
Since you're going to (presumably) receive a new block of IP's, I do suppose you could just flush the VIPs before migrating the unit. I should suppose the box will just ignore them and perhaps generate some errors in the logs. You should be able to change them as long as your main WAN interface settings and firewall rules are configured properly. -
If you have CARP type virtual IP addresses and you change your WAN interface address, if the CARP IP addresses don't belong to the same subnet as the address you'll get a kernel panic. Beyond that your rules and such associated with the old IP addresses will be invalid. Your best bet would be to recreate your environment virtually, create new configs for the environment you're going to and then restore the configs to your production boxes. While you're at it, upgrade your production boxes. 1.2-RELEASE is way out of date.
-
Thanks for the great input and advice. We are using CARP. We dont really have the resource to setup virtual setups prior to the move unfortunately. So considering we have 2 pfSense machines running with CARP, if I went about this order would we still have a kernal panic? Should it work?
1- Upgrade to current release now on production before the move (wait 2 weeks to confirm workin ok)
2- Move to new facility
3- Bring up primary pfSense box
4- Delete all the Virtual IP adddress
5- Edit WAN IP Addresses to new subnet
6- Create new Virtual IP addresses
7- Update all NAT and Rules
8- Do the same to the secondary pfSense box
9- restart bothDoes that sound like an ok way to do it? I just dont want a bunch of corrupt data in there so Im hoping editing and deleting records will work out.
s -
If you have 2 weeks to ensure that the upgrade is stable, you have enough time to install ESXi and do this right.
-
I guess I am not sure I understand what you mean. In order to creat a virtual installation of pfSense on the new network we would have to have a physical machine over there right, build a new pfSense machine and load all the new settings into it. Then what do we do once we have the old machines on the new network? Do we import the settings? Thanks so much for your input!
-
But you can build the Virtual box before moving, if you have the info of the new WAN IP.
Thereby you do not have to bring down production while moving some of the hardware…..:)
-
Ok I guess thats the part I was not clear on. I thought generally you should be on the network you are configuring the rules/addresses for. If I can just build it "offline" so to speak on our old network I can definitely do it ahead of time. I was just worried that if it was not on the actualy network at the time I configured it, there would be issues. Thanks for everyone's input on this. Will report back on how it goes.