Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Access to GUI lost after changing LAN IP

    Scheduled Pinned Locked Moved General pfSense Questions
    gui accesslan
    7 Posts 4 Posters 996 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      markagregory
      last edited by

      Environment: ESXi 7.02U Loading pfsense as a VM and connecting it to virtual switches with no physical adapters.
      After setup with all defaults can access GUI. Also client machines on LAN can ping and connect. Cannot ping pfsense LAN IP.
      the next step is to change the pfsense LAN IP from 192.168.1.1/24 to 10.10.50.1/24
      At this point the clients attached to the LAN can still ping each other. Access to the GUI is lost. Cannot ping pfsense LAN IP.

      using pfsense, can PING WAN gateway, but cannot ping LAN clients.

      Have googled and this still appears to be a major problem with pfsense. Would appreciate ideas on what is happening and why

      GertjanG M 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @markagregory
        last edited by

        @markagregory said in Access to GUI lost after changing LAN IP:

        Have googled and this still appears to be a major problem with pfsense

        This : Virtualizing pfSense Software with VMware vSphere / ESXi doesn't tell me that it doesn't or can't work.
        What others say : well .... it' a free world after all 😊

        I've no numbers, but I'm pretty sure there are many thousands out there using pfSense on ESXI right now.

        When using pfSense (software you can download) on a VM like ESXI (something you can download) you might think that all is needed are some clicks.
        Wrong : a lot of knowledge is needed. You have to 'download' that also ^^

        @markagregory said in Access to GUI lost after changing LAN IP:

        Also client machines on LAN can ping and connect. Cannot ping pfsense LAN IP.

        Show the pfSense LAN firewall rule(s) .It's very possible that you permit TCP and UDP but not ICMP. That explains why 'PING' doesn't reply.
        The default LAN rules permits all traffic, and that includes PING.

        @markagregory said in Access to GUI lost after changing LAN IP:

        the next step is to change the pfsense LAN IP from 192.168.1.1/24 to 10.10.50.1/24
        At this point the clients attached to the LAN can still ping each other. Access to the GUI is lost.

        You forgot to mention something.
        'Clients' use DHCP, and are not aware that you changed the gateway/DNS IP ....
        Normally, you could ripe out the network cable or a moment, reconnect and by magic (DHCP actually), everything works again.
        Now you have to execute a

        ipconfig /renew
        

        on the client, if it is a Windows PC.
        And of course, becaus eyou like to check :

        ipconfig /all
        

        and there you'll see that now the LAN client has a new IP, in the 10.10.50.0/24 range, and that the gateway has been set to 10.10.50.1 like the DNS.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        M 1 Reply Last reply Reply Quote 0
        • stephenw10S stephenw10 moved this topic from Problems Installing or Upgrading pfSense Software on
        • M
          markagregory @Gertjan
          last edited by markagregory

          @Gertjan thank you for responding.

          my setup now is

          LAN 192.168.1.1/24
          OPT1 10.10.50.1/24
          OPT2 10.10.51.1/24
          OPT3 10.10.52.1/24
          OPT4 10.10.53.1/24

          I've learnt the following:

          1. not to change the LAN IP - I'm using this as a management subnet to connect with pfsense
          2. LAN - I have not changed this
            27642d21-1b50-4211-bd78-979d82365a9a-image.png
          3. OPT1 I copied the rules from LAN (and similarly to OPT2, OPT3, OPT4)
            46cf4507-dff2-45d5-9180-ac5a9188f349-image.png
          4. I can ping 192.168.1.1 from a VM on LAN
          5. I can ping between two VMs on OPT1
          6. I cannot ping 10.10.50.1 from a VM on OPT1
          7. I cannot ping a VM on OPT1 from pfsense using diagnostics ping
            7cc62c19-9984-4d42-81b6-7a3c144c5d3c-image.png
          8. I need to be able to route between traffic from VMs on OPT1, OPT2, OPT3, OPT4 - help appreciated
          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @markagregory
            last edited by johnpoz

            @markagregory lan subnet would never be inbound source into your opt1 network.. The only network unless opt1 was a transit network that could be realistic source would be the opt1 subnet.

            wrong.jpg

            Not being able to ping something on the opt1 network points to a firewall on that device, or maybe it has the wrong mask? And thinks pfsense IP is not on its netwtork.. with and address of .135 for example if it had a mask of /25 then no .1 wouldn't be on its network because the network it would be on if it was 10.10.50.135/25 would be 10.10.50.128 - 10.10.50.255

            Do you see the mac address of .135 in the arp table after you try that ping command? If not then no you would never in million years be able to ping .135.. If you do have a mac, is the correct one? If so then pfsense put the traffic on the wire - not getting an answer is out of pfsense control.

            What rules you have on opt1 has nothing to do with pfsense being able to ping something on opt1, it would have to do with devices on opt1 being able to ping pfsense opt1 address or anything else for that matter.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • M
              markagregory @markagregory
              last edited by

              UPDATE:

              I decided to check the interfaces for the third time, and I found that all of the OPT interfaces were jumbled - yet again.

              I fixed the interfaces again according to the mac address for each interface in the VM settings.

              this time, I did not reboot pfsense.

              Now everything is working as expected.

              I'm going to start to restrict the traffic from WAN to LAN, but for now, all of the VMs connected to OPT1, OPT2, OPT3 and OPT4 can ping each other and the pfsense interfaces.

              It may be easy to say that it was a simple setup mistake, but I checked my work log and what I set on three occasions was changed on three occasions - once during the initial setup and each time I added interfaces to the VM (two occasions - all had a reboot at the end).

              I've learnt to check the interfaces every time I do something on the VM config side.

              Also, I've learnt not to change the LAN settings - this cost me two days of going around in circles before I decided to leave the LAN alone and add OPT1, OPT2, OPT3, and OPT4

              After all this, I think pfsense looks great, thank you to everyone that has provided some input. I have other questions, but I'll start googling before I ask here.

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @markagregory
                last edited by johnpoz

                @markagregory said in Access to GUI lost after changing LAN IP:

                ach time I added interfaces to the VM (two occasions - all had a reboot at the end).

                Yeah adding interfaces to esxi can do that, its a esxi thing from what I recall. If you search you will find multiple threads on it.

                Here was a freebsd bug on it

                https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198406

                Doesn't seem to have gotten any traction.. I don't think its actually a freebsd problem

                https://forum.netgate.com/post/442381

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Yup that's a fun* one!
                  More than 4 vmx NICs in esxi changes the PCI device ordering. Crazy.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.