• Hi everyone,
    This is my first time installing pfSense and I was able to install it just fine. My LAN works perfectly, but I can't seem to access the internet over my WAN connection. I know I am missing something or doing something horribly wrong here. Any help would be appreciated.

    Here is my setup:

    LAN: 192.168.1.0/24 (pfSense ip is 192.168.1.1) [em0]
    WAN: Static IP DSL - 64.81.37.134/32 - Gateway: 64.81.37.1 [em1]

    I can ping anything inside the 192.168.1.x space, but can't ping any ip address on the WAN connection.
    There is an entry in my system log that says this:

    kernel: arpresolve: can't allocate route for 64.81.37.1

    I KNOW those static settings work for the DSL line because if I plug it into my cheapo linksys router it works perfectly.
    I haven't set up any firewall rules yet, but I thought the default would be to allow outbound traffic and block inbound.

    If anyone has any ideas send em my way.


  • SOLVED:

    I called my OpenBSD friend and we figured it out. Everything worked peachy when I switched my WAN interface to a /24. For some reason /32 (which I thought should be 1 ip) was giving a netmask of 0xffffffff which will never ever work. Why does a /32 get that netmask?


  • This is CIDR notation:
    http://en.wikipedia.org/wiki/CIDR


  • @mikeytag:

    SOLVED:

    I called my OpenBSD friend and we figured it out. Everything worked peachy when I switched my WAN interface to a /24. For some reason /32 (which I thought should be 1 ip) was giving a netmask of 0xffffffff which will never ever work. Why does a /32 get that netmask?

    The netmask tells the host which other IPs fall within the same subnet.
    A CIDR notation of /24 tells the host that it is on the x.y.z.0 subnet, the broadcast address is x.y.z.255 and that any IPs within this range (non-inclusive of .0 and .255) are hosts within the same subnet.
    Hence, the first valid IP is x.y.z.1 and the last is x.y.z.254.  Giving a total of 254 valid IP addresses or calculated from the CIDR:  ( 2 power of (32-CIDR num) ) - 2
    I don't think /32 is even possible to use (I might be wrong though) since there is only one valid IP.  At least, in your case, I don't think it's possible.
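The on-link check behind this thread's `arpresolve` message, as an added example that is not part of any poster's message: it uses Python's standard `ipaddress` module and the WAN address and gateway from the first post to show why the gateway is unreachable with a /32 and reachable with a /24. The function names `describe` and `gateway_on_link` are hypothetical helpers, and the /31 and /32 host counts are a generalization beyond the formula quoted above.

```python
import ipaddress

def describe(interface_cidr):
    """Summarise the subnet implied by an interface address in CIDR form."""
    net = ipaddress.ip_interface(interface_cidr).network
    total = net.num_addresses                      # 2 ** (32 - prefix)
    # Ordinary subnets lose the network and broadcast addresses.
    # /31 (point-to-point) and /32 (single host) have no such reserved pair.
    usable = total - 2 if net.prefixlen <= 30 else total
    return {
        "netmask": str(net.netmask),
        "netmask_hex": "0x%08x" % int(net.netmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable,
    }

def gateway_on_link(interface_cidr, gateway):
    """True if the gateway lies inside the interface's own subnet.

    On plain Ethernet the host must ARP for the gateway, which only works
    when the gateway is on-link; otherwise no route to it can be created.
    """
    net = ipaddress.ip_interface(interface_cidr).network
    return ipaddress.ip_address(gateway) in net

if __name__ == "__main__":
    gateway = "64.81.37.1"                         # value from the first post
    for cidr in ("64.81.37.134/32", "64.81.37.134/24"):
        info = describe(cidr)
        print(cidr, info["netmask"], info["netmask_hex"],
              "usable hosts:", info["usable_hosts"],
              "gateway on-link:", gateway_on_link(cidr, gateway))
```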


  • Here's an excerpt of the log of my PPPoE session being established with the IP address redacted.  Note the netmask  :)

    
    [pppoe] exec: /sbin/ifconfig ng0 x.x.x.157 x.x.x.254 netmask 0xffffffff -link0
    
    

  • This is something PPPoE specific that doesn't apply to normal ethernet.


  • Yah, after reading this the next day I fully realize my mistake with the notation. When I checked my Linksys settings I found that I was using 255.255.255.0 [/24] anyway. You ever beat your head against a wall so many times figuring something out that you stop thinking clearly?

    LOL, I had such a hard time just getting pfSense installed on a machine that would detect all the network cards and this mistake happened towards the end of a very long day. I gotta remember to take a break sometimes. ;)

    Completely IMHO, I think it would be nice if you could put in the actual subnet rather than the / notation in pfSense. It is a little bit more user friendly as most people are used to that notation if they haven't had a ton of networking experience. Also, once you get beyond /24 it becomes a bit of a mental stretch to figure them out. Just my 2 cents.