Change in PfSense LAN IP address makes it inaccessible



  • I have newly installed pfSense 2.2.4 (AMD64) as Guest over  Virtualbox with two Bridged NIC adapters.

    I want the following IP configuration of pfSense:

    em0: WAN : 172.16.0.33  Upstream Gateway:172.16.0.14
    em1: LAN  : 172.16.0.32

    After installing, I set interface IPs and gateway as mentioned above, pfSnese is unable to ping to the LAN computers and LAN computers are not able to open the web configurator also. There is no communication of Host & LAN Computer with Guest pfSense.

    please give solution.

    Sher Singh Rawat



  • For starters, your LAN network can't be in the same subnet range as your WAN - you won't be able to route out since both networks occupy the same 172.16.0.x range. Make sure your LAN and WAN are on different network address ranges and if your WAN has a 'private' (eg: 172.16.x.x) address, make sure your firewall rules on the WAN side have 'Block Private Networks' un-ticked.

    You've left out a lot of information, such as whether your LAN computers have static or DHCP-assigned addresses and what they are currently set to. And how is communication lost? Can you ping the PFS from any LAN host but can't open the web gui? Can you get out to the internet (doubtful with your current setup)? What network is your Virtualbox host running on?

    You'll have to provide more information, otherwise any advice from this point onwards is going to be guesswork.



  • in the last time it is more and more to be common to set up a so called transparent firewall in a so called
    "bridged mode", but this might be only running well for peoples and users they know what they are doing
    and especially when and where this should be done. For the nearly rest of us the most common way would
    be to go with a routet network. So the WAN and LAN network must be having different IP addresses.

    em0: WAN : 172.16.0.33  Upstream Gateway:172.16.0.14
    em1: LAN  : 172.16.0.32

    Here in this shown example no routing is needed because all IP addresses are in the same subnet
    or IP address range. Mostly another router with SPI & NAT is then in front of this device or VM.

    After installing, I set interface IPs and gateway as mentioned above,

    And what is with NAT here in this example, who is doing NAT here in the game?

    pfSnese is unable to ping to the LAN computers and LAN computers are not able to open the web configurator also.

    This could be pointed to the circumstance that the WAN and LAN interface has the same IP address range
    and from "outside" or plain the WAN interface no configuration or WebGui connection is allowed!

    There is no communication of Host & LAN Computer with Guest pfSense.

    And who is doing the routing here at the WAN interface, or in shorter words where is the router
    that does the Internet connection?

    I found that even if i change the LAN IP to class B (192.168.1.x) address, communication is lost.

    Bridged together ports will not doing routing because they are transparent or in shorter words they are invisible
    for the rest of the network members.

    • Change the IP address ranges at the WAN and LAN Ports ti be different ones.
    • Enable NAT at the WAN Interface (Double NAT or router cascade)
      Then it might be working as expected.


  • Thanks gentlemen for your response.

    I am having the setup as specified in the image. Suggest, do i need improvements in this?




  • What is ADSL1, ADSL2 and ADSL3? Routers or modems?
    And what is this for a switch in front of the pfSense? Managed or unmanaged?



  • @Sher:

    Suggest, do i need improvements in this?

    Yes. Change your WAN and/or LAN address ranges so that they aren't on the same network. (eg: try 192.168.0.x/24 on the WAN and 172.16.0.x/16 on your LAN). As has been mentioned twice already. Then perhaps you can explain how the routers (modems?) are set up - are they set to route traffic from different internal networks? Are they meant for load-balancing? Or is only one of them being used for your internal clients?


Log in to reply