Xylem59 Posted January 22, 2023 Share Posted January 22, 2023 I am planning on changing my router to a new pfsense box. My current IP is set to 192.169.59.xxx. I would like to create a new set of IP with my new router for personal use 15.15.15.xxx, for guest 15.15.50.xxx and last one for IOT devises 15.15.100.xxx is it not recommended? How will my unraid “react” to that? What are the best practices when changing your router? Thank you. Quote Link to comment
Frank1940 Posted January 22, 2023 Share Posted January 22, 2023 When you are home alone with nothing else to do for the next four to eight hours. 🤣 😈 😇 If you don't have a large block of time set aside for the change-over without having a wife, family and, perhaps, even guests expecting a working Local LAN with Internet access, Mr. Murphy can guarantee it will take at least that long. 1 Quote Link to comment
-MacGyver- Posted January 22, 2023 Share Posted January 22, 2023 (edited) 15.x.x.x is not a private address, you should avoid that if at all possible. If you were to try to hit the public site that has those you could have issues. You didn't say, but if you are the business or entity that owns that public range you can use it. Otherwise don't use public on a private network. These are the private address spaces you should be using: Class A: 10.0.0.0 to 10.255.255.255 Class B: 172.16.0.0 to 172.31.255.255 Class C 192.168.0.0 to 192.168.255.255 Outside of using proper classes it's your network setup how you wish. It's then the network rules you need to get right for moving data around. For that best to Google and see what others have done. I'm sure there are a lot of pfsense blogs and YouTube on rules to setup. For example, I needed several rules on my network ( not pfsense) for Sonos and Chromecast devices. When I switched from consumer grade to prosumer I used all 3 classes, the only reason is because I could. Class A 10.x.x.x for vlans, Class B 172.20.x.x for the internal network equipment and Class C 192.168.2.x for guest. TBH Google is your best friend for this. Try ing to edit these out on mobile,won't let me... 😞🙃 Edited January 22, 2023 by klepel Try to edit out errant emoji 1 1 Quote Link to comment
Xylem59 Posted January 22, 2023 Author Share Posted January 22, 2023 49 minutes ago, klepel said: 15.x.x.x is not a private address, you should avoid that if at all possible. If you were to try to hit the public site that has those you could have issues. You didn't say, but if you are the business or entity that owns that public range you can use it. Otherwise don't use public on a private network. These are the private address spaces you should be using: Class A: 10.0.0.0 to 10.255.255.255 Class B: 172.16.0.0 to 172.31.255.255 Class C 192.168.0.0 to 192.168.255.255 Outside of using proper classes it's your network setup how you wish. It's then the network rules you need to get right for moving data around. For that best to Google and see what others have done. I'm sure there are a lot of pfsense blogs and YouTube on rules to setup. For example, I needed several rules on my network ( not pfsense) for Sonos and Chromecast devices. When I switched from consumer grade to prosumer I used all 3 classes, the only reason is because I could. Class A 10.x.x.x for vlans, Class B 172.20.x.x for the internal network equipment and Class C 192.168.2.x for guest. TBH Google is your best friend for this. Try ing to edit these out on mobile,won't let me... 😞🙃 Good point. I will use 10.xxx or 172.xxx. Now in terms of switching my old ip to my new ip, is it going to generate issue with my unraid ? Is my unraid going to change ip? What s the best approach ? Quote Link to comment
Frank1940 Posted January 22, 2023 Share Posted January 22, 2023 30 minutes ago, Xylem59 said: Now in terms of switching my old ip to my new ip, is it going to generate issue with my unraid ? Is my unraid going to change ip? @ljm42, Any comments if OP is using SSL/TLS? Quote Link to comment
Xylem59 Posted January 22, 2023 Author Share Posted January 22, 2023 30 minutes ago, Frank1940 said: @ljm42, Any comments if OP is using SSL/TLS? I don't know. I am using default setting for unraid, and my router. Quote Link to comment
Frank1940 Posted January 22, 2023 Share Posted January 22, 2023 50 minutes ago, Xylem59 said: I don't know. I am using default setting for unraid, and my router. Look here: If the setting is "Yes" you are, if "No" you aren't. Quote Link to comment
ljm42 Posted January 22, 2023 Share Posted January 22, 2023 4 hours ago, Xylem59 said: How will my unraid “react” to that? What are the best practices when changing your router? In general I would say this is fine. In practice, it depends on how much customization you have done and if anywhere in that customization you hard-coded the old IP address. Having said that, someone is reporting some odd behavior with an IP change over here: https://forums.unraid.net/topic/134052-wrong-local-acces-url-in-management-access-after-changing-servers-ip/#comment-1218233 You might want to keep an eye on that thread. 2 hours ago, Frank1940 said: @ljm42, Any comments if OP is using SSL/TLS? This should not be a problem. Once the system gets a new IP it will update the config files. Then, assuming the system is able to access the Internet it will run UpdateDNS to report the new IP so we can update DDNS. You can see what it submits by running this command: php /usr/local/emhttp/plugins/dynamix/include/UpdateDNS.php -v Quote Link to comment
Frank1940 Posted January 22, 2023 Share Posted January 22, 2023 30 minutes ago, ljm42 said: This should not be a problem. Once the system gets a new IP it will update the config files. Then, assuming the system is able to access the Internet it will run UpdateDNS to report the new IP so we can update DDNS. You can see what it submits by running this command: That is assuming that he does not run into this problem: https://forums.unraid.net/topic/132136-update-your-legacy-ssl-certificate-now/#comment-1200615 OP, I suspect that Pfsense may well have DNS rebinding turned off. Most commercial and prosumer routers do. Most consumer routers do not have it turned off... Quote Link to comment
ljm42 Posted January 22, 2023 Share Posted January 22, 2023 2 minutes ago, Frank1940 said: OP, I suspect that Pfsense may well have DNS rebinding turned off. Most commercial and prosumer routers do. Most consumer routers do not have it turned off... I was focused on the fact that they wanted to change their IP range. But you are right, if you are changing routers and want to use a myunraid.net certificate, you will need to make sure that DNS Rebinding is disabled on that router. It might be easiest to disable SSL (Settings -> Management Access -> Use SSL = no) before switching routers, that way you will definitely be able to access the webgui via http://ipaddress. After switching to the new router/ip the Management Access page will warn if DNS Rebinding is an issue. Quote Link to comment
Xylem59 Posted January 22, 2023 Author Share Posted January 22, 2023 Thank you all for your responses so far. So, if I create my new ip on my new router to be 10.15xxx will my unraid stay with 192.168.xxx? My main concern right now is to keep Plex working for the family. -can I lock my old 192.168.xxx for unraid, if yes how? -is it better to use the 10.15.xxx my new router will assigned (DHCP) ? Quote Link to comment
Xylem59 Posted January 22, 2023 Author Share Posted January 22, 2023 1 hour ago, ljm42 said: I was focused on the fact that they wanted to change their IP range. But you are right, if you are changing routers and want to use a myunraid.net certificate, you will need to make sure that DNS Rebinding is disabled on that router. It might be easiest to disable SSL (Settings -> Management Access -> Use SSL = no) before switching routers, that way you will definitely be able to access the webgui via http://ipaddress. After switching to the new router/ip the Management Access page will warn if DNS Rebinding is an issue. it seems that this was already set to NO on the unraid. Quote Link to comment
Xylem59 Posted January 22, 2023 Author Share Posted January 22, 2023 So this is where I am, do I need to plan anything else before turning off the old router and plugging the new one? SSL/TLS: No setup below. Will my unraid IP change? Quote Link to comment
ljm42 Posted January 22, 2023 Share Posted January 22, 2023 You should shut down all of the computers and IOT devices in your house, swap routers, and then start turning things on one at a time so you can evaluate them. You will want to make sure that everything comes up with an IP address in the correct subnet. It looks like you have Unraid set to get an IP from DHCP, so after it boots you want to make sure it gets an IP on the 10.15.15.x subnet, along with all of your other computers and non-IOT devices. Unraid should need no special handling for this change, unless you have hard-coded the old IP address in scripts or bookmarks or whatever. 2 Quote Link to comment
Xylem59 Posted January 22, 2023 Author Share Posted January 22, 2023 25 minutes ago, ljm42 said: You should shut down all of the computers and IOT devices in your house, swap routers, and then start turning things on one at a time so you can evaluate them. You will want to make sure that everything comes up with an IP address in the correct subnet. It looks like you have Unraid set to get an IP from DHCP, so after it boots you want to make sure it gets an IP on the 10.15.15.x subnet, along with all of your other computers and non-IOT devices. Unraid should need no special handling for this change, unless you have hard-coded the old IP address in scripts or bookmarks or whatever. Is it better to not use dhcp and create a fix ip for unraid ? Quote Link to comment
ljm42 Posted January 22, 2023 Share Posted January 22, 2023 3 minutes ago, Xylem59 said: Is it better to not use dhcp and create a fix ip for unraid ? I personally prefer to assign a static DHCP address using the router, that way you can be sure there are no IP conflicts on the network. Regardless of how the IP is assigned, the critical thing is that it has to be an address in your PRIVATE_LAN subnet, not an IP that was assigned by the old router. 1 Quote Link to comment
trurl Posted January 22, 2023 Share Posted January 22, 2023 Use DHCP on your server. In your router, reserve a fixed IP for the MAC address of your server. Quote Link to comment
Xylem59 Posted January 22, 2023 Author Share Posted January 22, 2023 (edited) 16 minutes ago, trurl said: Use DHCP on your server. In your router, reserve a fixed IP for the MAC address of your server. Sorry, I am learning as I go: Can you explain your previous comment? 1- DHCP for the IP on unraid? But the IP comes from the router when it will be turned on? 2- Fix IP on pfsense for the unraid server using Mac, using DHCP lease I guess? I am confused it seems to be eggs or chicken first. Edited January 22, 2023 by Xylem59 Quote Link to comment
Frank1940 Posted January 22, 2023 Share Posted January 22, 2023 39 minutes ago, Xylem59 said: 2- Fix IP on pfsense for the unraid server using Mac, using DHCP lease I guess? First, You let the router assign the IP address to the Unraid server using DHCP. Then you go into the router setup and you 'tell' the router to reassign that DHCP address to now be a Static Address. (The Router normally uses the MAC address of the NIC to track what computer is your Unraid server as that address will never change! The server name might...) Whenever the Unraid server or the router is restarted and your Unraid server asks for an IP address, the router looks at the MAC address and see that that address is assigned a Static IP address and acts accordingly. This whole networking scheme of how things have to work is very carefully thought out by the people who have to administer thousands of routers, switches, and computers. Otherwise, things would be complete chaos! Designers of Consumer routers implement just enough of all of this so that most people just have to plug it in and it works. Security is often a secondary concern. Quote Link to comment
philliphartmanjr Posted January 22, 2023 Share Posted January 22, 2023 I was reading through this thread, and I am not trying to be mean but i don't think you will be able to pull off straight out switching out your routers in one swoop. I have a pfsense appliance in my home and tried to switch out like mentioned here and it didn't work. my focus in IT is networking with certifications and I can say pfsense is different from any other gateway that I have used and was a much larger learning curve than I expected. I would recommend setting your existing router with at least the main ip address range that you plan on using that way you can configure pfsense and if it does not work no big deal you can just switch back. You mentioned your concern is Plex. Running it locally wont be a problem but getting it set up to run via wan my take you a bit to figure out. If you are buying a pfsense device (that is what i did) depending on which one some of your ports may be on the same physical controller which means you will be stuck creating vlans which will add to the complexity. I do not mean for this to turn you off of the idea I think pfsense is great but i think it will be more involved than you realize. Lastly you really need to put some thought on what you will want to put on your iot network. For example will Plex be iot? If not then what about the devices that will be viewing them? if they are on different ip ranges then plex will go out via wan then back in and that will have an impact on your streaming ability and quality. Quote Link to comment
philliphartmanjr Posted January 22, 2023 Share Posted January 22, 2023 I would say my personal preference is to assign a static ip to unraid get it working then if you want you can assign the static ip in pfsense later if you want. Static ip in pfsense is just another layer of complexity. Plus if unraid has a static ip that you know you can always access it if you have to just assign your pc in that same ip range and you are good. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.