Netgate Discussion Forum

    Changing LAN IP/Gateway breaks 2.1

    • Durrrr

      Hi,

      Long time lurker, first time poster here. I've been trying to get v2.1 in production and keep running up against this wall. Here's my setup:

      Internet
          |
      Wan Gateway xxx.yyy.32.1
          |
      pfSense Wan IP xxx.yyy.32.11
          |
      pfSense Lan IP 10.0.0.10
          |
      Lan gateway 10.0.0.1 with static route 10.0.0.0/8 to 10.0.0.1
          |
      Cisco Layer 3 switch with various subnets (10.0.0.0 through 10.0.17.0)

      So my workstation is at 10.0.1.50. I set up pfSense with a LAN IP of 10.0.1.100 so that I can reach it. I leave the WAN interface disconnected and get it all configured. But when I move it to the rack and change its IP, gateway and static route, all traffic running through the pfSense box stops working. I can reach the configurator from my workstation. From the configurator I can ping internet addresses and all LAN addresses in different subnets, but I cannot ping or utilize any other protocol from a LAN machine to any WAN address. I can also ping the pfSense box from an internet address. If I set "allow all" rules on both LAN and WAN, it makes no difference.

      I should also mention that this behavior does not happen in 2.0.3, on the same two sets of hardware that I have tried this on. I've read about not using any LAN gateways, but that isn't an option for me as it won't be able to find the other LAN subnets configured on the switch.

      Any help sorting this out would be greatly appreciated.

      • phil.davis

        You only need to set up the "LAN" gateway in System->Routing, then use it in the static route. Do not set any gateway in Interfaces->LAN.
        That should work fine - I do this to reach test subnets that are behind L3 devices sitting on LAN.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • Durrrr

          Thanks Phil,

          I did do exactly that per Jim's advice in this thread: https://forum.pfsense.org/index.php?topic=74109.0 and it worked!

          Methinks there should probably be a warning on the interface configurator page about this. I configured it exactly as I had my 2.0.3 box and it failed spectacularly on 2.1. I think a warning on the LAN config page would save people a lot of grief as I've run across a few threads discussing this issue. It certainly made me pull some hair out for a few days!

          (It looks right but why TF doesn't it work?!!?!?)

          • doktornotor

            @Durrrr:

            I think a warning on the LAN config page

            This is what's in 2.1.1

            On local LANs the upstream gateway should be "none".

            • phil.davis

              (It looks right but why TF doesn't it work?!!?!?)

              Because the pfSense LAN IP is not a gateway from pfSense to anywhere. A "gateway" in network terms is an IP address on another box, that gets you closer to other destination subnets.
              If you set it to yourself, then packets can go into a bit of an infinite spin, and exhaust their TTL.
              When you have other private subnets behind LAN, you could, in principle, have pfSense LAN gateway set to the other router on LAN that gets you to those "back-end" subnets. But pfSense does not need that to be done.
              I think the real problem that blows it all up is selecting LAN gateway as "default gateway" (or when pfSense kindly does that for you without you realising).
              In any case, on pfSense never set a gateway on a LAN-style interface.

              As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
              If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
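
A check for the misconfiguration discussed in this thread, as an added example that is not part of any poster's reply and is not pfSense code: it reads a configuration file and flags a LAN-style interface with an upstream gateway selected, a LAN gateway marked as default, or a gateway that is the firewall's own address. The element names (`interfaces`, `gateways/gateway_item`, `defaultgw`) are an assumption about the config.xml layout, the sample is constructed with documentation addresses on WAN, and `audit_gateways` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: LAN has an upstream gateway selected and LANGW is default.
BROKEN = """<pfsense>
  <interfaces>
    <wan><ipaddr>192.0.2.11</ipaddr><gateway>WANGW</gateway></wan>
    <lan><ipaddr>10.0.0.10</ipaddr><gateway>LANGW</gateway></lan>
  </interfaces>
  <gateways>
    <gateway_item><interface>wan</interface><gateway>192.0.2.1</gateway><name>WANGW</name></gateway_item>
    <gateway_item><interface>lan</interface><gateway>10.0.0.1</gateway><name>LANGW</name><defaultgw/></gateway_item>
  </gateways>
</pfsense>"""

# Same box after the fix from the thread: LANGW still exists for the static
# route, but Interfaces->LAN has no gateway and WANGW is the default.
FIXED = (BROKEN.replace("<gateway>LANGW</gateway>", "")
               .replace("<name>LANGW</name><defaultgw/>", "<name>LANGW</name>")
               .replace("<name>WANGW</name>", "<name>WANGW</name><defaultgw/>"))


def audit_gateways(config_xml, wan_ifaces=("wan",)):
    """Return (interface, finding, gateway_name) tuples for LAN-style interfaces."""
    root = ET.fromstring(config_xml)
    findings = []
    # 1. A gateway selected on the interface itself (Interfaces->LAN).
    for iface in root.iterfind("interfaces/*"):
        if iface.tag in wan_ifaces:
            continue
        gw_name = (iface.findtext("gateway") or "").strip()
        if gw_name and gw_name != "none":
            findings.append((iface.tag, "upstream-gateway-set", gw_name))
    # 2. Gateway definitions bound to a LAN-style interface (System->Routing).
    for gw in root.iterfind("gateways/gateway_item"):
        ifname, name = gw.findtext("interface"), gw.findtext("name")
        if ifname in wan_ifaces:
            continue
        if gw.find("defaultgw") is not None:
            findings.append((ifname, "lan-gateway-is-default", name))
        own_ip = root.findtext(f"interfaces/{ifname}/ipaddr")
        if own_ip and own_ip == gw.findtext("gateway"):
            findings.append((ifname, "gateway-is-own-address", name))
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_gateways(cfg))
```

A gateway entry that merely exists on LAN for use in a static route produces no finding, which matches the working setup described above.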
