Class A Addresses



  • Does 2.0 not like class-A private addresses?  The IP scheme where I work uses a class-A (10.x.x.x) with a 24-bit subnet ie 10.10.85.0 /24.  PFsense 1.23 didn't have a problem with this scheme, but it freezes 2.0.  If I set the LAN to that type of address, it locks up.  If I have it connected to a VPN with that type of ip scheme, it will lock it up as well.



  • I think its unlikely that use of a 24 bit subnet would cause pfsense to "freeze". Please describe what you mean by "freeze": the whole system "locks up" and doesn't respond to commands from the console? pings to the LAN interface don't get a response? Internet access through the box stalls? The web GUI fails to respond but "in progress" downloads continue? something else?

    @biltritepc:

    If I set the LAN to that type of address, it locks up.

    Presumably you begin with the LAN interface set to a IP address with a much smaller number of subnet bits. At what stage does the lockup occur?

    What interfaces are in use on your box? (e.g. LAN is em0, WAN is fxp0 and OPT1 is rl0)



  • I've tried it with a couple of different hardware configurations.  I've tried by upgrading an existing 1.23 installation (where I initally discovered the problem) and by trying the configuration on a fresh 2.0 install.  I have one WAN interface on one NIC and one LAN interface on a seperate NIC.

    By "freezing" or "locking up" - The router will work initally on reboot, but only for a brief time - maybe 30-60 seconds.  During that time, everthing seems to initally work normally, but then quits.  After that time, the LAN interface quits communicating, ie no traffic, no dhcp, no ping.  The console also eventually quits responding shortly after the LAN interface does.  If you hard power-off the router and reboot, the same events repeat.  If you change the IP back to a class-C, the router works normally.

    All I can say is try it and see for yourself.  Set the LAN IP to 10.10.123.1 /24 and see what happens…



  • First of all if you use CIDR like /24 then your net is not class A….

    I am using a class C net 10.0.100.0/24 at home and have no problems at all...



  • Every network between 0.0.0.0 to 127.255.255.255 is a class a network. The CIDR can also be /24 and need net to be /8.


  • Rebel Alliance Global Moderator

    you can say that 0.0.0.0 to 127.255.255.255 is a Class A, but since 1993 is pretty much meaningless is it not.  Sure people still use Class to mean /8 or B to mean /16, etc.

    But I personally would not consider Anything/24 as A – I would agree with jlepthien /24 could be called class C address as a way to denote the 24 bit mask - and may people still call it that, its a easy to way to to say /24

    But the Class A/B/C network address assignment system was deprecate many many years ago for classless, hierarchical blocks of IP addresses (prefixes).

    take a look at rfc 4632

    
           notation       addrs/block      # blocks
           --------       -----------     ----------
           n.n.n.n/32               1     4294967296    "host route"
           n.n.n.x/31               2     2147483648    "p2p link"
           n.n.n.x/30               4     1073741824
           n.n.n.x/29               8      536870912
           n.n.n.x/28              16      268435456
           n.n.n.x/27              32      134217728
           n.n.n.x/26              64       67108864
           n.n.n.x/25             128       33554432
           n.n.n.0/24             256       16777216    legacy "Class C"
           n.n.x.0/23             512        8388608
           n.n.x.0/22            1024        4194304
           n.n.x.0/21            2048        2097152
           n.n.x.0/20            4096        1048576
           n.n.x.0/19            8192         524288
           n.n.x.0/18           16384         262144
           n.n.x.0/17           32768         131072
           n.n.0.0/16           65536          65536    legacy "Class B"
           n.x.0.0/15          131072          32768
           n.x.0.0/14          262144          16384
           n.x.0.0/13          524288           8192
           n.x.0.0/12         1048576           4096
           n.x.0.0/11         2097152           2048
           n.x.0.0/10         4194304           1024
           n.x.0.0/9          8388608            512
           n.0.0.0/8         16777216            256    legacy "Class A"
           x.0.0.0/7         33554432            128
           x.0.0.0/6         67108864             64
           x.0.0.0/5        134217728             32
           x.0.0.0/4        268435456             16
           x.0.0.0/3        536870912              8
           x.0.0.0/2       1073741824              4
           x.0.0.0/1       2147483648              2
           0.0.0.0/0       4294967296              1    "default route"
    
    

    Notice the "legacy" statements next to /8, /16 and /24..  But your statement of 10.x.x.x/24 being a class A is not correct, and has not been correct for many many many years.

    Its clear you got something going on, but i find it unlikely that is has anything to do with using a /24 on a address that falls under what once was a class A network.  I personally use the 192.168 private range on my network with a /24 – but I am quite sure I could change that to be 10.1.2.0/24 if I wanted to without any issues.



  • I Agree with Johnpoz, 0.0.0.0 - 126.255.255.255 used to be classed as 'Class A' but since the introduction of Classless routing such boundaries no longer exist.

    in answer to BILTRITEPC, I can say pf2.0 has no problems with using 10.10.123.1/24 on the LAN if, I have built a  test box and have just pinged it successfully for the last 10 mins without a hickup.

    I use a 10.x.x.x/24 (Actually I have 4 of them) on my home network and they all work perfectly using PF2.0 to route between them.

    Can you check that all settings are correct ie, lan DNS server is running, WAN DNS servers( listed in the general settings) are running and they can be used to resolve FQDN's.

    what are the WAN and LAN ip's

    Something is wrong and I would like to help.


Locked