setting up my pfsense router

Brave_skykorn

Apr 1, 2026
My WAN is set to 192.168.1.81/24
My LAN is set to 172.16.32.1/24
I did this so I knew for a fact my LAN would be separate, and yet I can't reach the web browser extension for pfSense.
 
Ooh, that might be the issue, isn't it? I might have also messed it up in the installation because I know I set up one of my bridges to be 192.168.1.100 but I think I allowed DHCP and it changed it to I think the WAN. So I guess I try to set the 192.168.1.81 or whatever it was to 192.168.1.100?
 
No. My router and computer is 192.168.1.x IP. I thought I was supposed to leave the lan on the same subnet and the wan on a different one.
 
Thank you so much. I disabled the firewall rules and now I can connect with WAN. I will just quickly configure it and get it secured. Thank you so much for helping me.
 
Wait a minute, I messed up again. So I went through the setup wizard and I set the static IP to be the same as my LAN. How do I fix this?
 
You should be able to change IPs from the pfSense console. Or since it's a VM just reinstall.

I would plan out your network layout first though...pfSense WAN should connect to only your ISP. pfSense LAN should connect to your network. There are various ways, like VLAN or a passthrough NIC for WAN...if that's not a strong suit I would maybe consider a physical router.
 
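A way to sanity-check an addressing plan like the one discussed above before installing, as an added example that is not part of any post in this thread. The function name `check_plan` and the client address 192.168.1.50 are assumptions; the WAN and LAN values are the ones quoted in the thread.

```python
import ipaddress

def check_plan(wan, lan, client):
    """Return findings for a two-interface router plan (CIDR strings)."""
    wan_if = ipaddress.ip_interface(wan)
    lan_if = ipaddress.ip_interface(lan)
    client_ip = ipaddress.ip_address(client)
    findings = []
    # WAN and LAN must be distinct subnets, otherwise routing between the
    # two sides is ambiguous.
    if wan_if.network.overlaps(lan_if.network):
        findings.append("overlap: WAN %s and LAN %s share addresses"
                        % (wan_if.network, lan_if.network))
    # Which side of the router is the management client actually on?
    if client_ip in lan_if.network:
        findings.append("client is on LAN: manage the router at %s" % lan_if.ip)
    elif client_ip in wan_if.network:
        findings.append("client is on WAN side: LAN address %s is not on-link"
                        % lan_if.ip)
    else:
        findings.append("client is on neither subnet")
    return findings

# Addresses from the first post; the client 192.168.1.50 is an assumed host
# on the existing 192.168.1.x network.
PLAN_FROM_POST = check_plan("192.168.1.81/24", "172.16.32.1/24", "192.168.1.50")
# One reading of the later wizard mistake: WAN given the LAN's address.
PLAN_AFTER_WIZARD = check_plan("172.16.32.1/24", "172.16.32.1/24", "192.168.1.50")

if __name__ == "__main__":
    for name, result in (("first post", PLAN_FROM_POST),
                         ("after wizard", PLAN_AFTER_WIZARD)):
        print(name)
        for finding in result:
            print("  -", finding)
```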
My WAN is set to 192.168.1.81/24
My LAN is set to 172.16.32.1/24
What is the actual goal here? I mean, what is that pfSense instance supposed to do?

You mentioned you already have a router with a LAN in the 192.168.1.0/24 range. So why add another virtualized router behind it with a separate 172.16.32.0/24 LAN? What’s meant to run on the 192.168.1.0/24 network, and what on the 172.16.32.0/24 network?

If your goal is network segmentation, I’d recommend ditching the existing router or putting it into bridge mode (if possible), so that pfSense can get the public IP directly on its WAN interface. You can then still manage one or multiple physical LANs or VLANs within pfSense, without having to deal with double NAT.

Also, to keep things simple and more resilient, I’d strongly recommend running pfSense on a separate physical box rather than virtualising it. You don’t need to spend much on HW, unless you’re dealing with something like ≥25 Gbit internet. For 1 Gbit (and even 10 Gbit in many cases), almost any PC from the last 10–15 years with at least 4 GB RAM will handle routing just fine.
 
I have a mini PC cluster and I just want something small so I can practice configuring routers and securing a Kali Linux VM. That way I could put it on my resume and finally get a job.
 
You should be able to change IPs from the pfSense console. Or since it's a VM just reinstall.

I would plan out your network layout first though...pfSense WAN should connect to only your ISP. pfSense LAN should connect to your network. There are various ways, like VLAN or a passthrough NIC for WAN...if that's not a strong suit I would maybe consider a physical router.
Darn it, I am trying to make a new VM and now the Netgate installer is failing.
 
so I can practice
The full setup needs some complexity, to be useful - right?

To examine routers and network problems you may set up a virtual playground.

When I wanted to play with Ceph I took one beefy PVE node and created six virtual PVE nodes, created a cluster, prepared several virtual disks for Ceph, integrated everything and... destroyed it partially - to learn how to repair it. It was really painless because on the "master"-PVE I could create snapshots of the virtual nodes beforehand :-)

I am fairly sure that for evaluating or learning networking/routing/VLANs etc. this approach works too. Sniffing with tools like Kali needs promiscuous mode, which is available for virtual bridges/NICs too.

Disclaimer: I did not test this and - of course - that's just an idea, your mileage may vary, as usual.
 
Alright, I just created a new pfSense router and now that isn't working either after I got past the wizard. I am probably just gonna give up on pfSense and set up WireGuard or something.
 
I am probably just gonna give up on pfSense and set up WireGuard or something.
Yes, OPNsense/pfSense are complex beasts. Just look at the loooong feature list!

Compared with that, WireGuard is really, really easy - as it does one single job, and it does it right! My preferred method is to handcraft something like https://www.wireguard.com/quickstart/. This requires one endpoint to be reachable from the other end; a single direction is sufficient, but bidirectional is preferred.

Only if that is not possible (because both tunnel ends are in a not-reachable LAN) I build an additional external relay which is reachable from both endpoints.

(( I use several such tunnels. Nearly all of them do "only" establish a point-to-point connection to get a specific job done. This is different from "route all my generic traffic to the outside world through that tunnel" as I do not activate routing/masquerading at all. ))

Have fun! :-)
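A check for the point-to-point property described above (no route-all AllowedIPs, no routing/masquerading hooks), as an added example that is not part of the original post. The `audit` function, the sample configs, the 10.99.0.x addresses and the key placeholders are all constructed for illustration.

```python
import ipaddress

# Constructed wg-quick style config for one end of a point-to-point tunnel.
# Keys are placeholders; addresses are made-up private addresses.
SAMPLE_P2P = """\
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <private-key-placeholder>

[Peer]
PublicKey = <peer-public-key-placeholder>
AllowedIPs = 10.99.0.2/32
"""

# Same config turned into a "route everything through the tunnel" setup.
SAMPLE_ROUTE_ALL = (
    SAMPLE_P2P
    .replace("10.99.0.2/32", "0.0.0.0/0, ::/0")
    .replace("ListenPort = 51820",
             "ListenPort = 51820\n"
             "PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE")
)

def audit(conf_text):
    """Return reasons why a config is not a plain point-to-point tunnel."""
    findings = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue                             # section header or blank
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key == "allowedips":
            for cidr in value.split(","):
                net = ipaddress.ip_network(cidr.strip(), strict=False)
                if net.prefixlen == 0:           # 0.0.0.0/0 or ::/0
                    findings.append("route-all: AllowedIPs contains %s" % net)
        elif key in ("preup", "postup"):
            hook = value.lower()
            if "masquerade" in hook or "ip_forward" in hook:
                findings.append("NAT/forwarding enabled by %s" % key)
    return findings

if __name__ == "__main__":
    print("point-to-point:", audit(SAMPLE_P2P))
    print("route-all:", audit(SAMPLE_ROUTE_ALL))
```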