Can't use 1st IP in subnet, new install
-
Beat my head against a wall last evening… Replacing an old firewall with a new shiny pfsense install.
The install goes clean. Set em0 as LAN and ne0 as WAN
Set the following config (IP addresses anonymized):
WAN = 10.10.10.146
GATE = 10.10.10.145
MASK = /29 (i.e. 255.255.255.248)LAN = 192.168.0.254
MASK = /24 (i.e. 255.255.255.0)And it completely fails. Can't see the Internet from either the pfsense machine, or any attached PCs
But, if I do nothing else but change the WAN IP to 10.10.10.147 Everything works! Nat rules work, just a dream.
However, I've lost a public IP that happens to be set to a mail server.
Is there any reason why the first IP in an address block doesn't work (when it does work with the same config on an old Cisco Pix)?
-
It should work fine - n.n.n.144-151 should be the 8 addresses in the /29 subnet. 144 (start) and 151 (end - broadcast) are not usable for normal device addresses. 145 to 150 should all be useable.
It could just be that the upstream ARP cache of your ISP remembers the MAC address of your old firewall at n.n.n.146, and so is trying to send packets for n.n.n.146 to a stale MAC address. How long would the ISP device be caching ARP entries??? -
Well, it's a Roadrunner ethernet handoff.. I thought of that and rebooted the cable modem. No change. But, It's a question I just sent them to be safe.