Ran out of IPs on my LAN



  • I have recently nearly run out of IPs on my LAN range of 192.168.150.x. What is the most effective and reliable way to add, say, 192.168.149.x and have it be transparent to all network devices: servers, workstations, notebooks, mobiles… Never had to deal with a single LAN this big.



  • You'd have to change from a Class-C network to a Class-B network (not 192.168.0.x anymore but 172.16.x.x),
    then increase the subnet mask / bit mask.

    So if you'd like a range like this: 172.16.0.1 - 172.16.3.254 (1022 IPs),
    you have to set your bitmask to /22.
    On your Windows clients, set your subnet mask to 255.255.252.0.

    For an easy calculator, go to: http://www.subnet-calculator.com



  • If you want a quick transition and don't want to change the current 192.168.150.x addressing scheme (e.g. if you have long DHCP lease times, or have used static IPs for some network devices), you can expand the range to 500+ IPs by changing the subnet mask to 255.255.254.0 (/23):

    Network: 192.168.150.0/23
    Host IP range: 192.168.150.1 - 192.168.151.254

    Similarly you could change the netmask to /22 to allow 1000+ IP addresses.


  • LAYER 8 Global Moderator

    As stated, you need to change the mask on your LAN network. Now, if all your clients are DHCP, you shouldn't have much to do other than change the mask on the pfSense LAN interface and the DHCP server to allow for the number of hosts you need.

    A /16 is probably way too big. But sure, you could do that if you want, but something more like a /23 would double your existing space, but you would be using 150.1 to 151.254.

    If you want to use .149 with a /23 you would be on 148.1 to 149.254

    To include 149 and 150, best mask would be /22 which would give you 192.168.148.0 - 192.168.151.255



  • The problem is that I have AD, Exchange, SQL, Ansys and a bunch of custom apps and scripts running that all rely on the addresses they currently have in that /24 (192.168.150.x), and our recently set up Huston location, which now also has a server running AD and Ansys, is set up with IPsec on 192.168.151.x, which I don't want to have to move either. Is there any way that we can configure pfSense to do LAN routing or some such between the two /24s (150.x and 149.x)? Or is that asking the impossible?



  • Routing can be done between these subnets with manual outbound NAT rules.
    There is a checkbox labeled Do NOT NAT; tick that and create those rules.



  • @hurricanecs:

    Is there any way that we can configure pfsense to do LAN routing or some such between the two /24s (150.x and 149.x)?  or is that asking the impossible?

    As you have sites and more than 250 machines, it will be easy to buy/set up VLANs on your network and assign as many /24s as you need without any hardware upgrade on pfSense.

    A not so good option is to set up an IP alias on LAN, but it will introduce some problems on your network.



  • Why don't you just make a VLAN for your various clients and leave all your servers on the .150? You could create a .149 or .148 and segregate your clients into those networks. This is safer anyway, as it adds another layer of control over what type of traffic can traverse over into your server network. In addition, your Windows clients are probably nicely flooding that network with NetBIOS traffic if you're not running a WINS server; better to segregate them to their own broadcast domain anyway.
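
The mask options discussed in this thread, checked with Python's `ipaddress` module against the remote IPsec subnet the original poster mentions (an added example, not part of any post). The three subnets are taken from the thread; the function and option names are made up for this illustration.

```python
import ipaddress

# Subnets as stated in the thread.
CURRENT_LAN = ipaddress.ip_network("192.168.150.0/24")   # existing LAN
WANTED_EXTRA = ipaddress.ip_network("192.168.149.0/24")  # range the poster wants to add
REMOTE_IPSEC = ipaddress.ip_network("192.168.151.0/24")  # remote site reached over IPsec


def smallest_supernet(*nets):
    """Widen the first network one bit at a time until it contains all of them."""
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def evaluate(candidate, must_contain, must_not_overlap):
    """Summarise one candidate LAN block: range, size, gaps and conflicts."""
    return {
        "network": str(candidate),
        "netmask": str(candidate.netmask),
        "first_host": str(candidate.network_address + 1),
        "last_host": str(candidate.broadcast_address - 1),
        "usable_hosts": candidate.num_addresses - 2,
        "missing": [str(n) for n in must_contain if not n.subnet_of(candidate)],
        "conflicts": [str(n) for n in must_not_overlap if n.overlaps(candidate)],
    }


def plan():
    """Evaluate each single-block option raised in the thread."""
    options = {
        "/23 around .150": CURRENT_LAN.supernet(new_prefix=23),
        "/23 around .149": WANTED_EXTRA.supernet(new_prefix=23),
        "smallest block with .149 and .150": smallest_supernet(CURRENT_LAN, WANTED_EXTRA),
    }
    return {
        name: evaluate(net, [CURRENT_LAN, WANTED_EXTRA], [REMOTE_IPSEC])
        for name, net in options.items()
    }


if __name__ == "__main__":
    for name, result in plan().items():
        print(name, result)
```

Every single block that contains 192.168.150.x and is wider than /24 also contains 192.168.151.x, so it collides with the IPsec remote subnet; keeping 149.x and 150.x as separate routed /24s avoids that overlap.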

