Add subnet to LAN Net Alias?



  • Coming from Untangle, there was an option to add an alias network for an interface.  I tried doing this in pfSense by adding a Virtual IP, but that alias subnet doesn't seem to be reflected when creating firewall rules and selecting "LAN Net" as the source/destination.  Is that expected behavior, or am I doing something wrong?

    Primary subnet 10.111.106.0/24
    Secondary subnet 10.111.107.0/24

    107 is our VoIP network, but there are a couple computers that happen to sit on there that need internet access, so I have always routed them back to my primary firewall. Network-wise, everything is working; I just would need to duplicate all my rules that I have set up with "LAN Net" as the source, or create a NEW alias called "The REAL LAN Net" that has both subnets in it and will still have to update all my rules. I assume "LAN Net" is just an alias somewhere; can I modify it? Any way around this? Thanks!



  • In your situation, you could just back off the mask and use 10.111.106.0/23. LAN NET will always reflect the main interface configuration. Aliases and such require custom configuration. Others might want to filter the VoIP traffic in different ways than the 'real' LAN, so making 'LAN NET' encompass alias IPs would be a bad idea for many.



  • Thanks, I can do that.  Will it break anything if I just change the /24 to /23 on the LAN interface, or would I need to update anything else?  Can I leave all the clients with a /24 mask?  I was about to make the change, but thought I should double check before hitting the button…



  • Easiest to leave the clients the way they are; you might want to separate them at some point. It's fine to change the firewall; it's just saving you from making two rules everywhere.
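The /23 suggestion in this thread works because 10.111.106.0/24 and 10.111.107.0/24 fall on a /23 boundary, so widening the mask pulls nothing else into "LAN Net". The following is an added example, not part of the original posts: a check to run before widening an interface mask, showing which extra ranges the firewall rules would start matching. The function name `widen_lan_net` and the second test case are constructed for illustration.

```python
import ipaddress


def widen_lan_net(primary, aliases):
    """Find the smallest single network covering the interface subnet and its
    alias subnets, plus any address space that comes along unintentionally.

    Returns (supernet, extra): `extra` is every range inside `supernet` that
    was NOT one of the requested subnets. Rules using the widened network as
    source would match those ranges too.
    """
    wanted = [ipaddress.ip_network(n) for n in [primary, *aliases]]

    # Shorten the prefix one bit at a time until every subnet fits.
    supernet = wanted[0]
    while not all(n.subnet_of(supernet) for n in wanted):
        supernet = supernet.supernet()

    # Carve each wanted subnet out of the supernet; what remains is extra.
    remaining = [supernet]
    for w in wanted:
        kept = []
        for r in remaining:
            if w.subnet_of(r):
                kept.extend(r.address_exclude(w))
            elif not r.subnet_of(w):
                kept.append(r)
        remaining = kept
    return supernet, list(ipaddress.collapse_addresses(remaining))


if __name__ == "__main__":
    cases = [
        # The two subnets from the thread.
        ("10.111.106.0/24", ["10.111.107.0/24"]),
        # Constructed counter-example: adjacent but not aligned on a /23.
        ("10.111.107.0/24", ["10.111.108.0/24"]),
    ]
    for primary, aliases in cases:
        net, extra = widen_lan_net(primary, aliases)
        print(f"{primary} + {aliases} -> {net}")
        print("  unintended ranges:", [str(e) for e in extra] or "none")
```

If the second list is not empty, a single widened mask is broader than intended, and a custom alias containing only the wanted subnets is the tighter choice.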