Introduction

You need to change the public IP address of your PFSense appliance / virtual machine to an address on a different subnet. This might be most useful if you have set up PFSense on a LAN and you now need to move it to a WAN.

Problem

The error WAN IP is on a different subnet than default Gateway is displayed when changing the WAN IP address.

If you had PFSense configured with the WAN on a private address range, you cannot then move PFSense to a public IP address range using the web interface.

Solution

Although you can’t complete this task using the web interface, you can do this through the shell. Connect to the shell either using the maintenance menu or using SSH and use option 3 to reconfigure the interface IP addresses. Enter the new IP and gateway details for the WAN then reboot. Note from this point on, you will not be able to access PFSense from the old IP address so make sure you are prepared for this.

Second problem

When you change the gateway, the old gateway is still the default.

You will not be able to reach the Internet from servers behind PFSense and you will not be able to reach the Internet from the PFSense console / shell.

Solution

Login to the PFSense web UI then change the default gateway.

This is managed under System \ Routing.

First remove the old gateway on the private address range.

Then under the gateway table, select the default gateway from the list. You can’t leave this to auto in my experience as this doesn’t automatically set the one and only gateway remaining in the list as the default.

Reboot PFSense again to make sure everything is still working as expected.