fogbound.net




Fri, 5 Jun 2015

pfSense Can’t See the Outside World

— SjG @ 11:00 am

We had a static IP address change on a network that had been in operation for about six years. Since we have gradually been migrating services off to third-party hosting, we no longer need a block of local static IP addresses. To save some ca$h, we are down to one static IP — but that necessitated getting a new IP.

At midnight, the change occurred.

I went into the pfSense admin, got rid of all my 1-to-1 NAT mappings, virtual IPs, and all the firewall rules that protected the no-longer-extant servers. And I couldn’t see the outside world.

I couldn’t even ping the gateway.

Plugging a Mac into the same cable, however, and setting the network parameters, I had immediate glorious interweb access everywhere.

It was perplexing. The pfSense firewall was configured exactly the same as the Mac. Why u no work firewall?

After a bunch of nonsense, I found the problem. I’d set the WAN interface to our new IP address, and specified it as a single IPv4. I thought I was setting the netmask correctly for a single IP:

IPv4 WAN Address: xxx.xxx.xxx.xxx/32

It turns out, I needed to reduce that netmask. That /32 means *all* of the address is the network portion, with no bits left over for hosts.

For a single IP address, I used /24 (leaving the entire last byte as my address), although /31 should probably work and would lock it to the specific address.
Edit: The key is that the netmask has to leave the gateway in the same subnet as your IP. Doh! You can see I don’t do this kind of stuff enough to know what I’m talking about.
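
The rule from the edit above (the WAN netmask must put the gateway in the same subnet as the interface address) can be checked before applying a change, using Python's standard `ipaddress` module. This is an added example, not part of the original post; the addresses are constructed from the RFC 5737 documentation range, and the function names are hypothetical.

```python
import ipaddress


def gateway_on_link(wan_cidr: str, gateway: str) -> bool:
    """True if the gateway sits inside the subnet implied by the WAN address.

    A host only ARPs for neighbours in a directly connected subnet, so a
    gateway outside that subnet is unreachable even on the same cable.
    """
    iface = ipaddress.ip_interface(wan_cidr)
    gw = ipaddress.ip_address(gateway)
    return gw != iface.ip and gw in iface.network


def longest_usable_prefix(address: str, gateway: str) -> int:
    """Longest IPv4 prefix that keeps address and gateway in one subnet."""
    addr = ipaddress.IPv4Address(address)
    gw = ipaddress.IPv4Address(gateway)
    if addr == gw:
        raise ValueError("interface address and gateway must differ")
    # /32 can never contain a second address, so start at /31.
    for prefix in range(31, -1, -1):
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        if gw not in net:
            continue
        # Below /31, the network and broadcast addresses are not host
        # addresses; /31 point-to-point links (RFC 3021) use both.
        reserved = (net.network_address, net.broadcast_address)
        if prefix < 31 and (addr in reserved or gw in reserved):
            continue
        return prefix
    raise ValueError("no prefix places both addresses in one subnet")


if __name__ == "__main__":
    # Constructed sample values (documentation range), not from the post.
    wan_ip, gw = "203.0.113.57", "203.0.113.1"
    for plen in (32, 31, 24):
        ok = gateway_on_link(f"{wan_ip}/{plen}", gw)
        print(f"{wan_ip}/{plen} gateway {gw}: {'on-link' if ok else 'UNREACHABLE'}")
    print("longest workable prefix: /%d" % longest_usable_prefix(wan_ip, gw))
```

With these sample values, /31 fails as well as /32; /31 only works when the gateway is the other address of the same pair.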

