Ran out of IPs on my LAN

hurricanecs

I have recently nearly run out of IPs on my LAN range of 192.168.150.x.  What is the most effective and reliable way to add say 192.168.149.x and have it transparent to all network devices: servers, workstations, notebooks, mobiles…  never had to deal with a single lan this big.

heper

you'd have to change from a Class-C network to a Class-B network (not 192.168.0.x anymore but 172.16.x.x)
then increase the subnet mask / bit mask

so if you'd like a range like this: 172.16.0.1 - 172.16.3.254 (1022 ip's)
you have to set you bitmask to /22
on you windows clients set you subnet mask to 255.255.252.0

for easy calculator go: http://www.subnet-calculator.com

dhatz

If you want a quick transition and don't want to change the current 192.168.150.x addressing scheme (e.g. if you have long DHCP lease times, or have used static IPs for some network devices) you can expand the range to 500+ IPs by changing the subnet mask to 255.255.254.0 (/23) :

Network: 192.168.150.0/23
Host IP range: 192.168.150.1 - 192.168.151.254

Similarly you could change the netmask to /22 to allow 1000+ IP addresses.

johnpoz

As stated you need to change the mask on your lan network.. Now if all your clients are dhcp you shouldn't have much to do other than change the mask on the pfsense lan interface and the dhcp server to allow for the number of hosts you need.

a /16 is prob way to big..  But sure you could do that if you want - but something more like a /23 would double your existing space, but you would be using 150.1 to 151.254

If you want to use .149 with a /23 you would be on 148.1 to 149.254

To include 149 and 150, best mask would be /22 which would give you 192.168.148.0 - 192.168.151.255

hurricanecs

the problem is that i have AD, exchange, SQL, Ansys and a bunch of custom apps and scripts running that all rely on the addresses they currently have in that /24 (192.168.150.x), and our recently setup Huston location, which now also has a server running AD and Ansys is setup with ipsec on 192.168.151.x which i dont want to have to move either.  is there any way that we can configure pfsense to do LAN routing or some such between the two /24s (150.x and 149.x)?  or is that asking the impossible?

Metu69salemi

Routing can be done between these subnets with manual outbound nat rules
there is checkbox labeled Do NOT NAT, tick that and create those rules.

marcelloc

@hurricanecs:

Is there any way that we can configure pfsense to do LAN routing or some such between the two /24s (150.x and 149.x)?  or is that asking the impossible?

As you have sites and more then 250 machines, it will be easy to buy/setup vlan on your network and assign as many /24 as you need without any hardware upgrade on pfsense.

A not so good option is to setup an ip alias on LAN, but it will introduce some problems on your network.

bdwyer

Why don't you just make a VLAN for your various clients and leave all your servers on the .150?  You could create a .149 or .148 and segregate your clients into those networks.  This is safer anyway, as it adds another layer of control over what type of traffic can traverse over into your server network.  In addition, your Windows clients are probably nicely flooding that network with NetBIOS traffic if your not running a WINS server, better to segregate them to their own broadcast domain anyway.