Unusual LAN interface behaviour



  • I am in the final testing phase of a pfSense rollout, all the testing has been going great so far until now….  I went for a live switchover of our existing firewall to see how much downtime we would have to experience when going from a GTA Gnatbox hardware firewall to pfSense (the Gnatbox has gone EoL so we need to have a fallback plan in case of failure).  So I disconnected the 4 ports from the HW firewall, connected the ports on the pfSense and reset the IP address on the LAN interface to match that of the H/W firewall.

    At this point the internet goes down and doesn't come back up, I cannot ping the LAN interface any more and generally bad things happen.  Switch everything back to how it was and I can now ping the LAN interface on its usual IP address.  This, to a reasonably experienced net admin, is very strange behaviour.  Why do things change so much with just an IP address switch?  There is nothing else on the LAN using that IP address as it is outside of our DHCP leases and so no other system can get this IP address from there.  I have to be in early doors to try and get it up and running before users come in to work for the day and I wanted to try and get a better idea of how to fix the issue beforehand.

    Drac



  • @draccusfly:

    So disconnected the 4 ports from the HW firewall, connected the ports on the pfsense and reset the IP address in the LAN interface to match that of the H/W firewall.

    The IP address changed from … to ... ? (It was my experience that some major configuration changes seem to require a restart to completely clear out the old details.)

    @draccusfly:

    At this point the internet goes down and doesn't come back up,

    As seen where? from pfSense console? client computer connected to pfSense?

    @draccusfly:

    I cannot ping the LAN interface any more and generally bad things happen.

    What ping command did you use and what does ping report?

    @draccusfly:

    Why do things change so much with just an IP address switch?,

    If you want a detailed explanation you will need to provide more details of your configuration and how it changed.

    @draccusfly:

    So disconnected the 4 ports from the HW firewall, connected the ports on the pfsense

    This suggests you have at least three "LAN" ports on the pfSense box. Unless these ports are bridged you will need to add firewall rules on the ports that aren't THE pfSense LAN port to allow traffic. (The default pfSense configuration is to allow connections arriving on the LAN interface and block connections arriving on the other interfaces.)
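
    As an added illustration of the point in the last paragraph (this is not from the original post, nor pfSense's generated ruleset, which carries labels and many more rules): the pf ruleset below shows, in plain pf.conf syntax, what the pfSense defaults amount to and what has to be added for extra, non-bridged ports. Interface names (em1, em2, em3), the LAN subnet and the OPT subnets are assumptions; substitute whatever `ifconfig` on the box reports.

```pf
# Interface macros (assumed names; check `ifconfig` on the pfSense box)
lan     = "em1"
opt1    = "em2"
opt2    = "em3"
lan_net = "192.168.1.0/24"      # assumed LAN subnet

set skip on lo0

# Default deny: anything not explicitly passed below is dropped and logged.
# This is why hosts on OPT1/OPT2 see nothing at all until rules exist for them.
block drop in log all

# Anti-lockout (pfSense adds this on LAN so the webGUI/SSH stay reachable)
pass in quick on $lan proto tcp from any to ($lan) port { 80 443 22 } keep state

# Equivalent of pfSense's "Default allow LAN to any" rule
pass in quick on $lan inet from $lan_net to any keep state

# Nothing like the rule above exists for OPT interfaces by default.
# If the extra ports are separate (not bridged) interfaces, add pass rules
# for them; otherwise traffic arriving on them is caught by the block above.
pass in quick on $opt1 inet from $opt1:network to any keep state
pass in quick on $opt2 inet from $opt2:network to any keep state
```

    If the four ports were one flat LAN segment on the Gnatbox, the alternative to per-interface rules is to bridge them on pfSense so that they behave as a single broadcast domain; in that case the rules apply to the bridge (and, depending on the `net.link.bridge.pfil_*` sysctls, the member interfaces), not to each port individually.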