SOLVED - No local access to devices with new netmask


  • I changed the netmask for my LAN interface from /24 to /22
    I have set the DHCP pool to 10.0.2.x
    I have static clients in 10.0.1.x
    I have servers and equipment statically assigned in 10.0.0.x

    If i attempt to access a server in the 10.0.0.x range from the .1.x or .2.x I have very intermittent access. Some devices work fine, just like normal. Other devices work on and off and some aren't accessible at all. If i attempt to access from their web address it works fine so the servers are running however I can not get LAN side working. Any one have any advice on how to troubleshoot this?

    If I set myself a static IP in the 10.0.0.x range I can access all the servers fine.


  • You have to change the mask on all your static IP devices. And renew the DHCP lease for all the dynamic ones.


  • How do you change the mask on a static mapping? I don't see the option for it there.

    This is how it looks in the DHCP setting page

    If I edit a static mapping there is no option for a mask?

    I have restarted the DHCP server several times as well as the pfsense box itself, is this enough to renew the leases?

    I forgot to add, all devices can access the internet fine


  • Oh static mappings are fine, they'll get the correct mask upon DHCP renewal. It sounded like they were static IP, not static DHCP mappings.

    Anything with a static IP configured has to be changed on that device, but not anything getting a static mapping via DHCP.


  • Thanks
    I checked the devices and they are correctly getting the right netmask via the static DHCP.

    Some are accessible no problem (Pi's) others such as QNAP NAS's or proxmox server are completely inaccessible. VM's on the proxmox servers are intermittently accessible.

    This is bizarre.
    IS there any different / better way to set this up?

    Oh and when connecting via the VPN on 10.0.5 everything is accessible fine


  • Depending on your lease length, I would guess the problem systems maybe haven't renewed their lease and gotten the new mask yet. Or maybe you have some devices that aren't DHCP from static mappings and are statically configured.

    For the DHCP clients, you did everything that needs to be done. There's nothing more to it than making sure they've renewed their leases so they have the new mask.


  • Would a complete reboot of the devices renew their lease or is this something that would need to be done in pfsense?


  • It's funny as all the devices show up in a network scan if I'm in the 10.0.2.x range but their services aren't detected.

    Would routers configured in AP mode interfere with this at all? That's all I can think of right now that might be causing this


  • Issue solved. turned out to be ACL's on the NAS device that was causing issues.