    Manually Edit WAN Subnet Mask

    • mjimlay

      I am doing a new install and my ISP requires the subnet mask to be set to 255.255.255.255 (32bits) for routing purposes, otherwise the connection will not work, it's a bit of an odd setup on their end. I recall on Windows I had to edit the registry for Windows to take the subnet mask.

      These are the settings that need to be in place, and yes I am aware that I am posting my public IPs and I am OK with that.

      IP: 192.95.16.130
      Subnet Mask: 255.255.255.255
      Gateway: 142.4.208.254

      I tried going through the shell interface to manually configure the WAN adapter, but when it gets to the point of asking me how many bits for the subnet mask, it will take anything (24, 8, etc) except for 32 which is for 255.255.255.255. I tried to locate the rc.conf file but can't seem to locate it.

      The ISP provided the following information:

      /etc/rc.conf
      ifconfig_em0="inet IP.Fail.over netmask 255.255.255.255 broadcast IP.Fail.over"
      static_routes="net1 net2"
      route_net1="-net Your.Server.IP.254/32 IP.Fail.over"
      route_net2="default Your.Server.IP.254"

      • dreamslacker

        255.255.255.255 is a /32 mask.  Are you sure that is correct?  It's usually deployed in that manner for PPPOE/ PPPOA connections.

        Your gateway is also in a different subnet from the issued IP.

        Are you sure those are the settings?  Is the static IP issued actually forwarded/ routed through a separate WAN IP instead?

        • stephenw10 Netgate Administrator

          @mjimlay:

          I tried to locate the rc.conf file but can't seem to locate it.

          pfSense doesn't work like that.
          At boot up all the .conf files are generated by the pfSense scripts from the config.xml file. Thus even if you did find the rc.conf file it would be overwritten the next time you rebooted or made any config change.
          As has been said /32 on WAN is odd and as you have found you can't do it via the webGUI as there are safeguards in place to stop such a bizarre config being allowed. To do this you will have to edit the config.xml file (in /conf/) directly. I'm not sure quite how to match those settings though. Be prepared for some trial and error!

          Steve

          • mjimlay

            It's a bit of an odd setup and I've never seen an ISP have it set up like this, but I can assure you that it does work oddly enough. I have a Windows 2003 Server running with the same settings, different IP, and it works but I had to edit the registry to get the subnet mask to work.

            As a note, my host is running VMWare ESXi and pfSense is a VM and I have a private LAN with some VMs on it and use pfSense as the firewall/port forwarding/dhcp server for the VMs on that LAN.

            This is a link to some KB's they have:
            http://help.ovh.ie/BridgeClient

            • mjimlay

              I just tried to edit the xml file and changed the mask from 24 to 32 and rebooted the system and it's still not working :( Ugh.

              • dreamslacker

                It took a while to actually digest that guide..

                Seems like that guide is specifically for VMs.

                If I interpreted it correctly and assuming you bridged an interface directly to pfsense as WAN, then you actually need to set pfSense WAN as:

                WAN IP:  142.4.208.xxx (where XXX is the so-called physical machine IP)
                WAN subnet mask:  255.255.0.0 (/16)
                WAN Gateway:  142.4.208.254

                Then add an IP alias on WAN with 192.95.16.130

                NAT your pfSense LAN client(s) to the Alias IP.

                Seems like the guide is just for VM's where you actually create a virtual IP and forward the packets through the WAN IP (physical machine IP in the guide).

                In effect, your 'failover ip' is an IP that is statically routed/ forwarded through the physical machine IP subnet.

                • mjimlay

                  pfSense is running as a VM in VMWare. VMWare is assigned the public IP 142.4.208.647. If I assign 142.4.208.647 to pfSense to the WAN IP, wouldn't that cause an IP conflict, or is that what you are suggesting using the subnet mask of 255.255.0.0 instead of 255.255.255.0?

                  • dreamslacker

                    @mjimlay:

                    pfSense is running as a VM in VMWare. VMWare is assigned the public IP 142.4.208.647. If I assign 142.4.208.647 to pfSense to the WAN IP, wouldn't that cause an IP conflict, or is that what you are suggesting using the subnet mask of 255.255.0.0 instead of 255.255.255.0?

                    No.  That configuration only applies if you bridged (pass-through) the physical interface directly into pfSense as WAN.

                    • jimp Rebel Alliance Developer Netgate

                      FYI- We already have a ticket for this.

                      http://redmine.pfsense.org/issues/972

                      • JoelC707

                        So I just wanted to post an update about this. I know mjimlay from another forum and am the one who recommended pfSense to him. He engaged me to help him get this set up and wow was this a PITA. Long story short, I left the "142" address on ESXi so I could maintain remote connectivity to the host and attempted to use the "192" address on pfSense as he did. I could sometimes get it to save the gateway if I added the gateway in the interface setup (but could never get it to save if I added the gateway in the gateways page). This gateway would briefly show as online then go offline, probably due to some check in the background.

                        I would have preferred to have the "142" address on pfSense WAN and use the "192s" as VIPs (which I think is their intention) but I couldn't maintain connectivity to the host doing this. I then got the bright idea to alter the subnet mask. One of the OVH docs I read mentioned I could set the gateway to /24 instead of /32 and it would still work. I figured if that works, let's see what mask I need to use to make the "142" gateway be in the same subnet as the "192" address I'm configuring. The only valid mask for that is /1 so I tried it and surprisingly it worked. The gateway stays online and hosts behind pfSense have connectivity. This may not be the correct way to have handled this but it worked.
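Added example, not part of any post in the thread: a short Python check of the masks discussed above. It shows that the gateway only becomes on-link for the "192" address at /1, how much address space the WAN interface then treats as directly attached, and the ISP's rc.conf host-route template from the first post filled in with the thread's values. Assumptions: "IP.Fail.over" is taken to be 192.95.16.130 and "Your.Server.IP.254" to be 142.4.208.254; the function names are illustrative, and the rc.conf lines apply to plain FreeBSD, not to pfSense's generated configuration.

```python
import ipaddress

# Values quoted in the first post of the thread.
WAN_IP = "192.95.16.130"
GATEWAY = "142.4.208.254"


def gateway_on_link(ip: str, prefix: int, gateway: str) -> bool:
    """True if `gateway` falls inside the subnet implied by ip/prefix."""
    net = ipaddress.ip_interface(f"{ip}/{prefix}").network
    return ipaddress.ip_address(gateway) in net


def longest_shared_prefix(ip: str, gateway: str) -> int:
    """Longest prefix length at which ip and gateway share one subnet."""
    diff = int(ipaddress.ip_address(ip)) ^ int(ipaddress.ip_address(gateway))
    return 32 - diff.bit_length()


def on_link_network(ip: str, prefix: int) -> ipaddress.IPv4Network:
    """Subnet the firewall treats as directly attached to WAN."""
    return ipaddress.ip_interface(f"{ip}/{prefix}").network


def host_route_lines(ip: str, gateway: str) -> list[str]:
    """Fill the ISP's rc.conf template (assumed placeholder mapping):
    a /32 route to the gateway via the interface, then the default route."""
    return [
        'static_routes="net1 net2"',
        f'route_net1="-net {gateway}/32 {ip}"',
        f'route_net2="default {gateway}"',
    ]


if __name__ == "__main__":
    # Masks mentioned in the thread: /32, /24, /16 and /1.
    for prefix in (32, 24, 16, 1):
        ok = gateway_on_link(WAN_IP, prefix, GATEWAY)
        print(f"/{prefix:<2} gateway on-link: {ok}")
    p = longest_shared_prefix(WAN_IP, GATEWAY)
    net = on_link_network(WAN_IP, p)
    print(f"longest shared prefix: /{p} -> {net} "
          f"({net.num_addresses} addresses treated as on-link)")
    print("\n".join(host_route_lines(WAN_IP, GATEWAY)))
```

The host-route form keeps only the gateway on-link, whereas the /1 mask makes the firewall consider all of 128.0.0.0/1 directly reachable on WAN.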