Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't use 1st IP in subnet, new install

    Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
    3 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      scottm52
      last edited by

      Beat my head against a wall last evening…  Replacing an old firewall with a new shiny pfsense install.

      The install goes clean.  Set em0 as LAN and ne0 as WAN

      Set the following config (IP addresses anonymized):

      WAN = 10.10.10.146
      GATE = 10.10.10.145
      MASK = /29  (i.e. 255.255.255.248)

      LAN = 192.168.0.254
      MASK = /24 (i.e. 255.255.255.0)

      And it completely fails.  Can't see the Internet from either the pfsense machine, or any attached PCs

      But, if I do nothing else but change the WAN IP to 10.10.10.147  Everything works!  Nat rules work, just a dream.

      However, I've lost a public IP that happens to be set to a mail server.

      Is there any reason why the first IP in an address block doesn't work (when it does work with the same config on an old Cisco Pix)?

      1 Reply Last reply Reply Quote 0
      • P
        phil.davis
        last edited by

        It should work fine - n.n.n.144-151 should be the 8 addresses in the /29 subnet. 144 (start) and 151 (end - broadcast) are not usable for normal device addresses. 145 to 150 should all be useable.
        It could just be that the upstream ARP cache of your ISP remembers the MAC address of your old firewall at n.n.n.146, and so is trying to send packets for n.n.n.146 to a stale MAC address. How long would the ISP device be caching ARP entries???

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • S
          scottm52
          last edited by

          Well, it's a Roadrunner ethernet handoff..  I thought of that and rebooted the cable modem.  No change.  But, It's a question I just sent them to be safe.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.