Hello! I need to change the WAN interface address to one that is on another subnet. I need to end up getting off the 50.31.0.0 network altogether, ultimately, but need to do so one step at a time. However, I'm concerned that I don't quite understand the implications of changing the WAN primary IP address. I would very much appreciate any guidance you might offer.

Suppose the following current configuration of IP addresses on the WAN interface:

WAN 50.31.0.14
GW 50.31.0.1
ALIAS 50.31.0.25
CARP 50.31.0.71

* Gateway is monitored using SRC 50.31.0.14 ICMP
* DNS forwarding is configured, so SRC 50.31.0.14 UDP
* VRRP packets are SRC 50.31.0.14 TCP
* Clients are connecting to 50.31.0.71 (the CARP address)
* Outbound connections are masqueraded as 50.31.0.71 (the CARP address)

I want to begin the migration by changing the WAN interface address to, say, 87.54.0.34. Here is what I imagine the configuration needs to become:

WAN 87.54.0.34
GW2 87.54.0.29
GW (default) 50.31.0.1
ALIAS 50.31.0.25
CARP 50.31.0.71

My first question would be, will this work? More specifically, what will be the SRC IP address of the a) gateway monitoring, b) DNS, and c) VRRP traffic?

The gateway monitoring traffic would have to choose the ALIAS address for GW, and the WAN address for GW2; the routes to those subnets would be used (a direct link). It seems the DNS traffic would end up with SRC 87.54.0.34; the default gateway is not on the same subnet and would therefore drop the packets. Would VRRP traffic for 50.31.0.71 choose the ALIAS address, since it's the only one on the subnet of the CARP address?

However, perhaps complicating things, we do not yet have the subnet of the new WAN IP address routing over our uplink. We're moving it over from another firewall and want to preconfigure this firewall as much as possible to host the new subnet, so that we might minimize downtime for connections to 87.54.0.34. Therefore, we cannot yet receive packets at 87.54.0.34; the gateway 87.54.0.29 is unreachable.

Will this plan work at all, or is the role of the WAN address so critically important that we really cannot preconfigure it for a new subnet like this?

Please let me know if this is not clear enough to help. Thank you!

_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
