Computer with local static ip

altiris · Dec 27, 2014, 7:16 AM

I cant seem to get a computer a static ip connect to my pfsense box. Obviously I am doing something wrong but I can't figure out what. I have tried looking in the pfsense docs but I only find out how to do it with dhcp disabled.

So what I do is I go into the interfaces tab on the web gui and I set one interface to static ip and give ip say 192.168.1.125. Then I make sure dhcp is disabled on pfsense and I go on the computer that I want to connect and make sure the ip is also 192.168.1.125. Then when I connect the ethernet cable to pfsense i can't connect, I can't ping the box either. If I change the interface to dhcp with the dhcp server running (dhcp ips are out of the range of .125) then it works. What is going on here?

Wolf666 · Dec 27, 2014, 2:19 PM

You cannot assign the same IP to different PC. If your pfSense interface has 192.168.1.125 as its static IP, then the other PC must have 192.168.1.126 or whatever you like inside the subnet 192.168.1.0/24 and not already assigned.

altiris · Dec 27, 2014, 2:49 PM

@Wolf666:

You cannot assign the same IP to different PC. If your pfSense interface has 192.168.1.125 as its static IP, then the other PC must have 192.168.1.126 or whatever you like inside the subnet 192.168.1.0/24 and not already assigned.

I was figuring this but I wasn't sure. So how come when you set the interface to static you need to actually give the interface it's own static ip if another computer that is going to connect to it will have its own IP? Thank you though, to tell you the truth I have not read much documentation and am doing this aa I go, all documentation I find are how tos and not necessarily explaining how pfsense works. If you know of any good documentation I would also appreciate a link to it if possible.

zikmen · Dec 27, 2014, 3:00 PM

long story short, each "interface" , (pfsense network plugs) and (computers network plugs) are considered as an interface, they cannot have the same ip adress.
we'll give them a name for understanding.

if pfsense lan interface is named MIKE and you try to name your workstation MIKE also, it's not going to work. for this particular reason:

if you have two person named MIKE in the same room and a third one send a message to MIKE, who should take it?

leave pfsense static ip of the interface as it's default, let's say 192.168.0.1/24

set the dhcp ON from 192.168.0.100 to 192.168.0.254

Assing a manual adress ip on the workstation outside of the range of the dhcp, and don't use a "already used" ip adress such as the onePfSense interface is already using.

the /24 (CIDR) also means that when configuring a manual ip in windows, the network mask should be 255.255.255.0
the default gateway will be the ip adress of the pfsense interface: 192.168.0.1 in our example.

stephenw10 · Dec 27, 2014, 4:00 PM

@altiris:

So how come when you set the interface to static you need to actually give the interface it's own static ip if another computer that is going to connect to it will have its own IP?

Yikes! ???

Every device must have it's own unique IP address in a network that uses internet protocol. You may not find that explicitly stated in the pfSense docs because it's absolutely fundamental to computer networking. Perhaps I've misinterpreted the question. No offence intended.

Steve

altiris · Dec 27, 2014, 6:44 PM

@stephenw10:

@altiris:

So how come when you set the interface to static you need to actually give the interface it's own static ip if another computer that is going to connect to it will have its own IP?

Yikes! ???

Every device must have it's own unique IP address in a network that uses internet protocol. You may not find that explicitly stated in the pfSense docs because it's absolutely fundamental to computer networking. Perhaps I've misinterpreted the question. No offence intended.

Steve

no you are correct and I understand that you can't have, say two computers with the same ip address or else there will be a conflict. What I was confused about was why the interface needed an IP for itself. I am used to working with simple routers as well as sonicwall tz 210 where I have never had to assign an ip to an interface, I would just plug in whatever device and then assign whether or not the device would use dhcp or static on the device itself (making sure nothing will conflict of course). This is why i was confused when pfsense asked for a static ip for an interface and so I put it as the same one that the device being plugged in would have because I had no other clue.

altiris · Dec 27, 2014, 9:20 PM

@Wolf666:

You cannot assign the same IP to different PC. If your pfSense interface has 192.168.1.125 as its static IP, then the other PC must have 192.168.1.126 or whatever you like inside the subnet 192.168.1.0/24 and not already assigned.

alright so I changed the IP on the interface to 120 instead of 125. On the device I want to connect I left it assigoes with 125. When I hook up the device to the interface it still can not ping pfsense or access the Web gui. Any ideas? I'm stumped.

zikmen · Dec 27, 2014, 9:26 PM

The ip adress of the interface is in fact the "router adress", the door at wich from a workstation you nock at to access the dashboard.

if you have 4 interfaces for 4 separated lans, the router dashboard must be accessible from no matter where you are.

Small d-link routers also have this setting but it's just named another way.

Zikmen

altiris · Dec 27, 2014, 9:36 PM

@zikmen:

The ip adress of the interface is in fact the "router adress", the door at wich from a workstation you nock at to access the dashboard.

if you have 4 interfaces for 4 separated lans, the router dashboard must be accessible from no matter where you are.

Small d-link routers also have this setting but it's just named another way.

Zikmen

This is kind of confusing for me, I am very young buto I am interested in this stuff. So when I said that I could connect to pfsense or ping it, I was pinging the "router address" as you say of the LAN inet face. I tried to ping the router address/static IP of the interface my computer is connected to, which is 120 but it still did not work.

zikmen · Dec 27, 2014, 10:14 PM

attach a print screen of the LAN interface config page.
also add one of the dhcp configuration page
and finally, give a print the network status on the workstation.

Both the router (LAN interface) and the workstation must be under the same subnet. if you have not understood yet subnetting concepts, keep the router at default 192.168.0.1 /24 Adress and continue to use the 255.255.255.0 subnet mask on workstations.

altiris · Dec 28, 2014, 1:15 AM

So I bridged an interface with LAN and made a rule on the firewall to allow all traffic or something like that and the computer can now connect to pfsense and outside.

zikmen · Dec 28, 2014, 2:02 AM

So you have things working as you want it?

altiris · Dec 28, 2014, 2:56 AM

@zikmen:

So you have things working as you want it?

pretty much yeah! The more you mess around with this thing the more sense it makes.(ha ha pf sense). Im having a little trouble being able to access the wan ip (Web server) externally, I'm not sure what interface I need to allow the ports on (I've done 1:1 nat) but i think I can figure it out. I don't think I took the time to say thanks for you taking out your time and helping me but thank you so much! I would be stuck without you.

Derelict · Dec 28, 2014, 7:09 PM

You really need to do some reading. Even though home routers (and pfSense) to a fair job of getting people up and running quickly, if you are going to do something other than DHCP/PPPoE WAN + DHCP LAN on 192.168.1.1/24 and a built-in switch you need to understand some basic concepts. This is a link to the SHORTEST paper I can find and even it seems a little light on MAC and IP addressing and subnetting.

http://www.ircbeginner.com/ircinfo/Routing_Article.pdf

stephenw10 · Dec 28, 2014, 9:36 PM

It's important to realise that the router is not really any different to a client machine except with more network interfaces. It's easier to see that when you're using a pfSense box built out of an old PC with several NICs in it, less so when it's an all in one box that hides things from you to make it easier. ;)

Steve

altiris · Dec 28, 2014, 10:41 PM

@Derelict:

You really need to do some reading. Even though home routers (and pfSense) to a fair job of getting people up and running quickly, if you are going to do something other than DHCP/PPPoE WAN + DHCP LAN on 192.168.1.1/24 and a built-in switch you need to understand some basic concepts. This is a link to the SHORTEST paper I can find and even it seems a little light on MAC and IP addressing and subnetting.

http://www.ircbeginner.com/ircinfo/Routing_Article.pdf

I know I do, the problem is I have little time with school and I try setting up things as quickly as possible…it sucks but I keep finding myself doing this.

Derelict · Dec 29, 2014, 2:35 AM

Learning what you're doing will actually SAVE you time…