When configuring TCP/IP settings on the device, you must specify the subnet mask (or IPv6 prefix length). The mask allows the device to determine which IP addresses are on the local network and which IP addresses must be accessed by the gateway in the device's routing table. The default LAN IP address is 192.168.1.1, the mask is 255.255.255.0, or /24 in CIDR notation, and its network address is 192.168.1.0/24.
IP address, subnet and gateway configuration
The TCP/IP configuration of the host consists of an address, a subnet mask (or IPv6 prefix length) and a gateway. The combination of the IP address and the subnet mask allows the host to identify the IP address on its local network. Addresses outside the local network will be sent to the default gateway configured by the host, assuming that the gateway will pass the traffic to the desired destination. An exception to this rule is a static route, which instructs the device to contact a specific non-local subnet accessible through a locally connected router. This list of gateways and static routes is kept in the routing table of each host.
In a typical pfSense deployment, the host is assigned an IP address, subnet mask, and gateway within the LAN range of the pfSense device . The LAN IP address on pfSense becomes the default gateway. For hosts connected via interfaces other than LAN, please use the appropriate configuration for the interface to which the device is connected.
Hosts in a single network communicate directly with each other without the involvement of the default gateway. This means that no firewall (including pfSense) can control host-to-host communication within the network segment. If this function is required, it is necessary to segment the host by using multiple switches, VLANs, or using equivalent switch functions (such as PVLAN). VLAN is covered in virtual LAN (VLAN).