Netgate Discussion Forum
    PfSense Newbie Help Requested

    General pfSense Questions
    • M
      mikeytag
      last edited by

      Hi everyone,
      This is my first time installing pfSense and I was able to install it just fine. My LAN works perfectly, but I can't seem to access the internet over my WAN connection. I know I am missing something or doing something horribly wrong here. Any help would be appreciated.

      Here is my setup:

      LAN: 192.168.1.0/24 (pfSense ip is 192.168.1.1) [em0]
      WAN: Static IP DSL - 64.81.37.134/32 - Gateway: 64.81.37.1 [em1]

      I can ping anything inside the 192.168.1.x space, but can't ping any ip address on the WAN connection.
      There is an entry in my system log that says this:

      kernel: arpresolve: can't allocate route for 64.81.37.1

      I KNOW those static settings work for the DSL line because if I plug it into my cheapo Linksys router it works perfectly.
      I haven't set up any firewall rules yet, but I thought the default would be to allow outbound traffic and block inbound.

      If anyone has any ideas send em my way.

      • M
        mikeytag
        last edited by

        SOLVED:

        I called my OpenBSD friend and we figured it out. Everything worked peachy when I switched my WAN interface to a /24. For some reason /32 (which I thought should be 1 ip) was giving a netmask of 0xffffffff which will never ever work. Why does a /32 get that netmask?

        • GruensFroeschliG
          GruensFroeschli
          last edited by

          This is CIDR notation:
          http://en.wikipedia.org/wiki/CIDR

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          • D
            dreamslacker
            last edited by

            @mikeytag:

            SOLVED:

            I called my OpenBSD friend and we figured it out. Everything worked peachy when I switched my WAN interface to a /24. For some reason /32 (which I thought should be 1 ip) was giving a netmask of 0xffffffff which will never ever work. Why does a /32 get that netmask?

            The netmask tells the host which other IPs fall within the same subnet.
            A CIDR notation of /24 tells the host that it is on the x.y.z.0 subnet, the broadcast address is x.y.z.255 and that any IPs within this range (non-inclusive of .0 and .255) are hosts within the same subnet.
            Hence, the first valid IP is x.y.z.1 and the last is x.y.z.254. Giving a total of 254 valid IP addresses or calculated from the CIDR: ( 2 power of (32-CIDR num) ) - 2
            I don't think /32 is even possible to use (I might be wrong though) since there is only one valid IP. At least, in your case, I don't think it's possible.

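The netmask arithmetic discussed in the posts above, as an added example that is not part of the original thread: it uses Python's standard `ipaddress` module to show why the WAN settings from the first post put the gateway outside the interface's subnet at /32 but inside it at /24. The function names are hypothetical, and the on-link check assumes an ordinary Ethernet interface, not a point-to-point link.

```python
import ipaddress

def describe(addr_with_prefix):
    """Netmask facts for an interface address such as '64.81.37.134/24'."""
    net = ipaddress.ip_interface(addr_with_prefix).network
    bits = 32 - net.prefixlen
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        # Same form ifconfig prints, e.g. 0xffffffff for a /32.
        "netmask_hex": "0x%08x" % int(net.netmask),
        # (2 ** (32 - prefix)) - 2 holds up to /30; a /31 or /32 has no
        # separate network and broadcast address, so report the raw count.
        "usable_hosts": 2 ** bits - 2 if net.prefixlen <= 30 else net.num_addresses,
    }

def gateway_on_link(addr_with_prefix, gateway):
    """True if the gateway lies inside the interface's own subnet."""
    iface = ipaddress.ip_interface(addr_with_prefix)
    gw = ipaddress.ip_address(gateway)
    return gw != iface.ip and gw in iface.network

def prefix_from_netmask(netmask):
    """Convert a dotted netmask such as '255.255.255.0' to its prefix length.

    Raises ValueError for a mask whose one-bits are not contiguous.
    """
    return ipaddress.ip_network("0.0.0.0/" + netmask).prefixlen

if __name__ == "__main__":
    # Addresses taken from the first post; the two prefixes are the
    # non-working and the working setting.
    for cfg in ("64.81.37.134/32", "64.81.37.134/24"):
        info = describe(cfg)
        print(cfg, info["netmask"], info["netmask_hex"],
              "hosts:", info["usable_hosts"],
              "gateway on-link:", gateway_on_link(cfg, "64.81.37.1"))
    print("255.255.255.0 is /%d" % prefix_from_netmask("255.255.255.0"))
```
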
            • G
              gloomrider
              last edited by

              Here's an excerpt of the log of my PPPoE session being established with the IP address redacted.  Note the netmask  :)

              
              [pppoe] exec: /sbin/ifconfig ng0 x.x.x.157 x.x.x.254 netmask 0xffffffff -link0
              
              
              • GruensFroeschliG
                GruensFroeschli
                last edited by

                This is something PPPoE specific that doesn't apply to normal ethernet.

                • M
                  mikeytag
                  last edited by

                  Yah, after reading this the next day I fully realize my mistake with the notation. When I checked my Linksys settings I found that I was using 255.255.255.0 [/24] anyway. You ever beat your head against a wall so many times figuring something out that you stop thinking clearly?

                  LOL, I had such a hard time just getting pfSense installed on a machine that would detect all the network cards and this mistake happened towards the end of a very long day. I gotta remember to take a break sometimes. ;)

                  Completely IMHO, I think it would be nice if you could put in the actual subnet rather than the / notation in pfSense. It is a little bit more user friendly as most people are used to that notation if they haven't had a ton of networking experience. Also, once you get beyond /24 it becomes a bit of a mental stretch to figure them out. Just my 2 cents.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.