fogbound.net




Mon, 20 Jul 2015

Sorry.

— SjG @ 7:37 pm

Nervously, Renny “The Cart” Cartesius stood in an ill-fitting uniform before the throng of federal agents, police, and bystanders. To his chagrin, he noticed that “Blazin'” Pascal was in the crowd, and was staring intently with a look of puzzled half-recognition — and then Pascal’s face lit up as he saw through the imperfect disguise.

Knowing that his cover was about to be blown, The Cart took a calculated risk. Hissing them quietly under his breath, he spoke the immortal words: “incognito ergo schtumm!”


Fri, 5 Jun 2015

pfSense Can’t See the Outside World

— SjG @ 11:00 am

We had a static IP address change on a network that had been in operation for about six years. Since we have gradually been migrating services off to third-party hosting, we no longer need a block of local static IP addresses. To save some ca$h, we are down to one static IP — but that necessitated getting a new IP.

At midnight, the change occurred.

I went into the pfSense admin, got rid of all my 1-to-1 NAT mappings, virtual IPs, and all the firewall rules that protected the no-longer-extant servers. And I couldn’t see the outside world.

I couldn’t even ping the gateway.

Plugging a Mac into the same cable, however, and setting the network parameters, and I had immediate glorious interweb access everywhere.

It was perplexing. The pfSense firewall was configured exactly the same as the Mac. Why u no work firewall?

After a bunch of nonsense, I found the problem. I’d set the WAN interface to our new IP address, and specified it as a single IPv4. I thought I was setting the netmask correctly for a single IP:

IPv4 WAN Address: xxx.xxx.xxx.xxx/32

It turns out, I needed to reduce that netmask. That /32 means *all* of the address is the network submask.

For a single IP address, I used /24 (leaving the entire last byte as my address), although /31 should probably work and would lock it to the specific address.

Edit: The key is the netmask has to leave the gateway in the same subnet as your IP. Doh! You can see I don’t do this kind of stuff enough to know what I’m talking about.
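As an added example (not from the post), a small Python check of the rule in the Edit above: the gateway has to fall inside the subnet implied by the WAN prefix, or the interface can never ARP for it. The addresses are constructed documentation-range values, not the post's real IP, and the helper also lists which prefix lengths put a given gateway on-link, including when a /31 does.

```python
# Added example, not code from the original post or from pfSense.
# Addresses are constructed documentation-range values (RFC 5737).
import ipaddress

def gateway_on_link(wan_cidr: str, gateway: str) -> bool:
    """True if `gateway` lies in the directly connected network implied by
    `wan_cidr` (e.g. "203.0.113.10/24"). With /32 the network is the single
    WAN address itself, so no gateway can ever be on-link, which is exactly
    the "can't even ping the gateway" symptom described in the post."""
    iface = ipaddress.ip_interface(wan_cidr)   # host bits are allowed here
    return ipaddress.ip_address(gateway) in iface.network

def usable_prefixes(wan_ip: str, gateway: str) -> list[int]:
    """Every IPv4 prefix length under which `gateway` is on-link for `wan_ip`.
    Shows that /32 never works, /24 works for any same-/24 gateway, and /31
    works only when the two addresses are an adjacent RFC 3021 pair."""
    return [p for p in range(0, 33)
            if gateway_on_link(f"{wan_ip}/{p}", gateway)]

if __name__ == "__main__":
    wan, gw = "203.0.113.10", "203.0.113.1"   # constructed sample values
    print("/32 ->", gateway_on_link(f"{wan}/32", gw))   # False: the bug
    print("/24 ->", gateway_on_link(f"{wan}/24", gw))   # True: the fix
    print("/31 ->", gateway_on_link(f"{wan}/31", gw))   # False: .1 is not adjacent
    print("prefixes that keep the gateway on-link:", usable_prefixes(wan, gw))
```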