Cidr setup for LAN clients and server hosts

  • Hello all… A new user here to PFSense who is blown away by the power of this software. I have a question about the correct way to setup Cidr for our needs...

    Using Pfsense 2.1 (beta I know) the IP from our provider Cox is:  (Ip's changed slightly for posting in the forum)

    Wan IP:
    Wan subnet:
    Wan Gateway:

    Cidr Block info:

    Cidr IPs: (32 IPs)
    Cidr Netmask:
    Suggested Gateway:
    First Usable IP:
    Last Usable IP:

    So I have my WAN interface configured with the IP and gateway and I am 99.9% certain all is correct there.

    Where I am having trouble is on setting up the LAN and OPT interfaces correctly.  I have 40 workstations getting IPs in the from a DHCP server (not pfsense but in the range). I also have a couple of servers that are statically configured with some the higher IP's in the 174.75.X.X Cidr block.

    After fumbling around, I have managed to get the workstations flowing in and out to the internet but I cannot seem to get the servers with the static Cidr addresses working. I am certain I have bungled the NAT configuration (currently set to manual btw). I have searched through the forum here, and have partially read through the pfsense book. But I still seem not to get the grasp of how to configure the Cidr block correctly for both the LAN and the static servers

    In the end, what I would like to have is all of the workstations going in and out through the first usable Cidr address of .226 and the servers going through their own static ips from the higher addresses in the Cidr block. One last curve, I cannot change the ip configuration on these static servers at all - they have been statically assigned long ago and were working with the previous firewall which took a dump on us.

    Can anyone spare a moment to help an enthusiastic, competent user who is still a pfsense noob who would very much appreciate some guidance?


  • i don't know the exact details but i guess you should assign a VIP (the .226 ) to your LAN interface.
    then disable NAT for the cidr range but keep it enabled for the 10.0.0.x range ?


    also: don't try this on a production system … i have no clue if what i'm saying is correct

Log in to reply