Can't use 1st IP in subnet, new install



  • Beat my head against a wall last evening… Replacing an old firewall with a shiny new pfSense install.

    The install goes clean.  Set em0 as LAN and ne0 as WAN

    Set the following config (IP addresses anonymized):

    WAN = 10.10.10.146
    GATE = 10.10.10.145
    MASK = /29  (i.e. 255.255.255.248)

    LAN = 192.168.0.254
    MASK = /24 (i.e. 255.255.255.0)

    And it completely fails.  Can't see the Internet from either the pfSense machine or any attached PCs.

    But if I do nothing else but change the WAN IP to 10.10.10.147, everything works!  NAT rules work, just a dream.

    However, I've lost a public IP that happens to be set to a mail server.

    Is there any reason why the first IP in an address block doesn't work (when it does work with the same config on an old Cisco Pix)?



  • It should work fine - n.n.n.144-151 should be the 8 addresses in the /29 subnet. 144 (start) and 151 (end - broadcast) are not usable for normal device addresses. 145 to 150 should all be usable.
    It could just be that the upstream ARP cache of your ISP remembers the MAC address of your old firewall at n.n.n.146, and so is trying to send packets for n.n.n.146 to a stale MAC address. How long would the ISP device be caching ARP entries?



  • Well, it's a Roadrunner Ethernet handoff. I thought of that and rebooted the cable modem.  No change.  But it's a question I just sent them to be safe.

