New router best practices


Xylem59


I am planning on changing my router to a new pfsense box. 
My current IP is set to 192.169.59.xxx. 
I would like to create a new set of IPs with my new router: for personal use 15.15.15.xxx, for guest 15.15.50.xxx and the last one for IOT devices 15.15.100.xxx

Is it not recommended? 
How will my unraid “react” to that? 
What are the best practices when changing your router? 
Thank you. 

Link to comment

When you are home alone with nothing else to do for the next four to eight hours.  🤣  😈   😇

 

If you don't have a large block of time set aside for the change-over without having a wife, family and, perhaps, even guests expecting a working Local LAN with Internet access, Mr. Murphy can guarantee it will take at least that long. 

  • Upvote 1
Link to comment

15.x.x.x is not a private address, you should avoid that if at all possible. If you were to try to hit the public site that has those you could have issues. You didn't say, but if you are the business or entity that owns that public range you can use it. Otherwise don't use public on a private network.

 

These are the private address spaces you should be using:

Class A: 10.0.0.0 to 10.255.255.255

Class B: 172.16.0.0 to 172.31.255.255

Class C: 192.168.0.0 to 192.168.255.255

 

Outside of using proper classes it's your network setup how you wish. It's then the network rules you need to get right for moving data around. For that best to Google and see what others have done. I'm sure there are a lot of pfsense blogs and YouTube on rules to set up. For example, I needed several rules on my network (not pfsense) for Sonos and Chromecast devices.

 

When I switched from consumer grade to prosumer I used all 3 classes, the only reason is because I could. Class A 10.x.x.x for vlans, Class B  172.20.x.x for the internal network equipment and Class C 192.168.2.x for guest.

 

TBH Google is your best friend for this.

 

 

Trying to edit these out on mobile, won't let me...

😞🙃

Edited by klepel
Try to edit out errant emoji
  • Thanks 1
  • Upvote 1
Link to comment
49 minutes ago, klepel said:

15.x.x.x is not a private address, you should avoid that if at all possible. If you were to try to hit the public site that has those you could have issues. You didn't say, but if you are the business or entity that owns that public range you can use it. Otherwise don't use public on a private network.

 

These are the private address spaces you should be using:

Class A: 10.0.0.0 to 10.255.255.255

Class B: 172.16.0.0 to 172.31.255.255

Class C: 192.168.0.0 to 192.168.255.255

 

Outside of using proper classes it's your network setup how you wish. It's then the network rules you need to get right for moving data around. For that best to Google and see what others have done. I'm sure there are a lot of pfsense blogs and YouTube on rules to set up. For example, I needed several rules on my network (not pfsense) for Sonos and Chromecast devices.

 

When I switched from consumer grade to prosumer I used all 3 classes, the only reason is because I could. Class A 10.x.x.x for vlans, Class B  172.20.x.x for the internal network equipment and Class C 192.168.2.x for guest.

 

TBH Google is your best friend for this.

 

 

Trying to edit these out on mobile, won't let me...

😞🙃


Good point. I will use 10.xxx or 172.xxx.


Now in terms of switching my old IP to my new IP, is it going to generate issues with my unraid?
Is my unraid going to change IP?
What's the best approach?

Link to comment
4 hours ago, Xylem59 said:

How will my unraid “react” to that? 
What are the best practices when changing your router? 

 

In general I would say this is fine. In practice, it depends on how much customization you have done and if anywhere in that customization you hard-coded the old IP address.

 

Having said that, someone is reporting some odd behavior with an IP change over here: https://forums.unraid.net/topic/134052-wrong-local-acces-url-in-management-access-after-changing-servers-ip/#comment-1218233 You might want to keep an eye on that thread.

 

2 hours ago, Frank1940 said:

@ljm42, Any comments if OP is using SSL/TLS?

 

This should not be a problem. Once the system gets a new IP it will update the config files. Then, assuming the system is able to access the Internet it will run UpdateDNS to report the new IP so we can update DDNS.  You can see what it submits by running this command:

php /usr/local/emhttp/plugins/dynamix/include/UpdateDNS.php -v

 

 

Link to comment
30 minutes ago, ljm42 said:

This should not be a problem. Once the system gets a new IP it will update the config files. Then, assuming the system is able to access the Internet it will run UpdateDNS to report the new IP so we can update DDNS.  You can see what it submits by running this command:

That is assuming that he does not run into this problem:

        https://forums.unraid.net/topic/132136-update-your-legacy-ssl-certificate-now/#comment-1200615

 

OP, I suspect that Pfsense may well  have DNS rebinding turned off.  Most commercial and prosumer routers do.  Most consumer routers do not have it turned off...

Link to comment
2 minutes ago, Frank1940 said:

OP, I suspect that Pfsense may well  have DNS rebinding turned off.  Most commercial and prosumer routers do.  Most consumer routers do not have it turned off...

 

I was focused on the fact that they wanted to change their IP range. But you are right, if you are changing routers and want to use a myunraid.net certificate, you will need to make sure that DNS Rebinding is disabled on that router.

 

It might be easiest to disable SSL (Settings -> Management Access -> Use SSL = no) before switching routers, that way you will definitely be able to access the webgui via http://ipaddress.  After switching to the new router/ip the Management Access page will warn if DNS Rebinding is an issue.

 

Link to comment

Thank you all for your responses so far. 
So, if I create my new ip on my new router to be 10.15xxx will my unraid stay with 192.168.xxx?

My main concern right now is to keep Plex working for the family. 
- Can I lock my old 192.168.xxx for unraid, if yes how?

- Is it better to use the 10.15.xxx my new router will assign (DHCP)?
 

Link to comment
1 hour ago, ljm42 said:

 

I was focused on the fact that they wanted to change their IP range. But you are right, if you are changing routers and want to use a myunraid.net certificate, you will need to make sure that DNS Rebinding is disabled on that router.

 

It might be easiest to disable SSL (Settings -> Management Access -> Use SSL = no) before switching routers, that way you will definitely be able to access the webgui via http://ipaddress.  After switching to the new router/ip the Management Access page will warn if DNS Rebinding is an issue.

 

It seems that this was already set to NO on the unraid.

 

unraid mgt access.PNG

Link to comment

You should shut down all of the computers and IOT devices in your house, swap routers, and then start turning things on one at a time so you can evaluate them. You will want to make sure that everything comes up with an IP address in the correct subnet.

 

It looks like you have Unraid set to get an IP from DHCP, so after it boots you want to make sure it gets an IP on the 10.15.15.x subnet, along with all of your other computers and non-IOT devices.

 

Unraid should need no special handling for this change, unless you have hard-coded the old IP address in scripts or bookmarks or whatever.

  • Upvote 2
Link to comment
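Added example, not part of any post in this thread: a small Python check of an addressing plan against the three private ranges listed earlier, plus the "does every device have an address in the correct subnet" check described in the post above. The /24 masks, the 10.15.50.x and 10.15.100.x segments, and all hostnames and observed addresses are assumptions made up for the illustration.

```python
import ipaddress

# The three private ranges listed in the thread (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(plan):
    """Return a list of problems found in a {segment name: CIDR} plan."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    for name, net in nets.items():
        if not any(net.subnet_of(p) for p in RFC1918):
            problems.append(f"{name}: {net} is not inside a private range")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap: {nets[a]} / {nets[b]}")
    return problems

def misplaced_hosts(plan, observed):
    """Return {host: address} for hosts not in their intended segment.

    observed maps hostname -> (intended segment, address seen after the swap).
    """
    bad = {}
    for host, (segment, addr) in observed.items():
        if ipaddress.ip_address(addr) not in ipaddress.ip_network(plan[segment]):
            bad[host] = addr
    return bad

# Constructed sample data; the /24 masks are an assumption.
ORIGINAL_PLAN = {"personal": "15.15.15.0/24", "guest": "15.15.50.0/24",
                 "iot": "15.15.100.0/24"}
# Hypothetical revision; only 10.15.15.x is mentioned in the thread.
REVISED_PLAN = {"personal": "10.15.15.0/24", "guest": "10.15.50.0/24",
                "iot": "10.15.100.0/24"}
# Constructed post-swap observations (hostnames and addresses are made up).
OBSERVED = {
    "unraid": ("personal", "10.15.15.20"),
    "laptop": ("personal", "192.168.1.37"),  # still on an old-router address
    "thermostat": ("iot", "10.15.100.12"),
}

if __name__ == "__main__":
    for label, plan in (("original", ORIGINAL_PLAN), ("revised", REVISED_PLAN)):
        print(label, check_plan(plan) or "OK")
    print("wrong subnet:", misplaced_hosts(REVISED_PLAN, OBSERVED))
```

A device that shows up in the "wrong subnet" list usually still holds a lease or a manually set address from the old router and needs to renew or be reconfigured.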
25 minutes ago, ljm42 said:

You should shut down all of the computers and IOT devices in your house, swap routers, and then start turning things on one at a time so you can evaluate them. You will want to make sure that everything comes up with an IP address in the correct subnet.

 

It looks like you have Unraid set to get an IP from DHCP, so after it boots you want to make sure it gets an IP on the 10.15.15.x subnet, along with all of your other computers and non-IOT devices.

 

Unraid should need no special handling for this change, unless you have hard-coded the old IP address in scripts or bookmarks or whatever.

Is it better to not use DHCP and create a fixed IP for unraid?

Link to comment
3 minutes ago, Xylem59 said:

Is it better to not use DHCP and create a fixed IP for unraid?

 

I personally prefer to assign a static DHCP address using the router, that way you can be sure there are no IP conflicts on the network.

 

Regardless of how the IP is assigned, the critical thing is that it has to be an address in your PRIVATE_LAN subnet, not an IP that was assigned by the old router.

  • Thanks 1
Link to comment
16 minutes ago, trurl said:

Use DHCP on your server. In your router, reserve a fixed IP for the MAC address of your server.

Sorry, I am learning as I go: 

Can you explain your previous comment?

1- DHCP for the IP on unraid? But the IP comes from the router when it will be turned on? 

2- Fixed IP on pfsense for the unraid server using MAC, using DHCP lease I guess?

I am confused, it seems to be eggs or chicken first. 

 

 

Edited by Xylem59
Link to comment
39 minutes ago, Xylem59 said:

2- Fixed IP on pfsense for the unraid server using MAC, using DHCP lease I guess?

First, you let the router assign the IP address to the Unraid server using DHCP.

 

Then you go into the router setup and you 'tell' the router to reassign that DHCP address to now be a Static Address. (The router normally uses the MAC address of the NIC to track what computer is your Unraid server as that address will never change! The server name might...) Whenever the Unraid server or the router is restarted and your Unraid server asks for an IP address, the router looks at the MAC address and sees that that address is assigned a Static IP address and acts accordingly. 

 

This whole networking scheme of how things have to work is very carefully thought out by the people who have to administer thousands of  routers, switches, and computers.  Otherwise, things would be complete chaos!  Designers of Consumer routers implement just enough of all of this so that most people just have to plug it in and it works.  Security is often a secondary concern. 

Link to comment

I was reading through this thread, and I am not trying to be mean, but I don't think you will be able to pull off straight out switching out your routers in one swoop. I have a pfsense appliance in my home and tried to switch out like mentioned here and it didn't work. My focus in IT is networking with certifications and I can say pfsense is different from any other gateway that I have used and was a much larger learning curve than I expected. I would recommend setting your existing router with at least the main IP address range that you plan on using; that way you can configure pfsense and if it does not work, no big deal, you can just switch back. You mentioned your concern is Plex. Running it locally won't be a problem, but getting it set up to run via WAN may take you a bit to figure out. If you are buying a pfsense device (that is what I did), depending on which one, some of your ports may be on the same physical controller, which means you will be stuck creating VLANs, which will add to the complexity. I do not mean for this to turn you off of the idea. I think pfsense is great, but I think it will be more involved than you realize. Lastly, you really need to put some thought into what you will want to put on your IoT network. For example, will Plex be IoT? If not, then what about the devices that will be viewing them? If they are on different IP ranges then Plex will go out via WAN then back in, and that will have an impact on your streaming ability and quality.

Link to comment
