IPv4 Subnetting – Commonality of /20 Subnet Mask in pfSense Routers

Tags: ip address, ipv4, lan, pfsense, subnet

Obviously I'm lacking some networking knowledge, and I wish somebody could help me understand something fishy I found on a pfSense router in an organization yesterday. The pfSense router forces a subnet mask of 255.255.240.0 on a LAN gateway like 9.9.192.1. Is this common? It's on IPv4 but it also has a turned-off option for IPv6 currently, if that matters.


It's valid, because it works, but the minute you add a new computer or printer to the network and forget about this /20 bits subnet mask quirk, that newly added device acts super wonky and ends up freezing, crashing and/or dropping out of the network. For instance, a printer that had 255.255.255.0 as its subnet mask was receiving only a third of a page to print and would freeze until it's rebooted. I suspect it was receiving more bits and overflowed its RAM or something, hence the freezing. It's not the case of a single cheap printer, it did that to 4 printers out of 5 at this office. Different brands, different models, some 350$ printers, some 80$ printers.

Optional meditation on that gateway:

If a computer AND a printer are both on the 255.255.255.0 subnet mask, they can access the internet, but cannot communicate with each other on the LAN. Computers on 255.255.255.0 can communicate no problem with another computer on the LAN still. Just not computer <–> printer.

If a computer OR a printer has a 255.255.255.0 subnet mask while the other one has a 255.255.240.0 subnet mask, they can communicate in extremely wonky fashion and the printer almost immediately freezes when sent packets, never prints anything more than a third of a page and it crashes/freezes to a point it has to be rebooted (unusable really). Though, both devices still can access the internet fine.

If both the computer AND a printer have the 255.255.240.0 subnet mask, they communicate super efficiently (instantaneously) without any problem at all, super stable and fast.

Question:

Can anybody explain why a pfSense router's subnet mask wouldn't be all 24 bits (255.255.255.0) like any regular router is? What is the advantage or any reason that could justify this /20 bits subnet mask enforcement? Is it common? Thanks.

Best Answer

9.9.192.1 is an address owned by IBM - so unless they've given it to you, you can't use it on your LAN without causing problems.

A subnet mask of 255.255.240.0 or /20 is completely fine as long as the address range you're using is large enough and either private (192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8) or granted to you. Mixing devices with differing network addresses or masks doesn't usually work as you've already noticed.

Usually, your network devices are configured by DHCP, so possibly you just need to correct the scope there. If you're not using DHCP, now is a good time to start.

edit 1: You might want to read up on how subnetting works in this good question/answer: How do you calculate the prefix, network, subnet, and host numbers?

edit 2: The subnet mask defines the size of the subnet. Your mask 255.255.240.0 allows for 12 bits = 4,094 host addresses which might be a bit oversized. It doesn't hurt though, except that /24 might be slightly easier to handle.

edit 3: If you can't change the LAN subnet mask on the router just don't do it. Change the mask in the DHCP options and simply don't use the extra 4 bits of host addresses.

edit 4: your screenshot in the other comment - you should add additional details to your question instead - shows the DHCP options. These are most probably inherited from the NIC's network settings which may be the reason why you can't change them. Check the NIC's IP settings and correct the mask there if possible; the DHCP scope is likely to follow.
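The forwarding decision behind the mixed-mask behaviour discussed above can be checked with Python's `ipaddress` module. This is an added example, not part of the original question or answer; the gateway and masks come from the question, while the PC and printer addresses are constructed for illustration.

```python
import ipaddress

GATEWAY = "9.9.192.1"          # LAN gateway from the question
ROUTER_MASK = "255.255.240.0"  # the /20 mask set on the router
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def lan(ip, mask):
    """Network a host derives from its own address and mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network

def on_link(src_ip, src_mask, dst_ip):
    """True if the sender, using its own mask, sends to dst directly."""
    return ipaddress.ip_address(dst_ip) in lan(src_ip, src_mask)

def path(src, dst):
    """(forward, return) delivery choice for two (ip, mask) hosts."""
    fwd = "direct" if on_link(src[0], src[1], dst[0]) else "via gateway"
    back = "direct" if on_link(dst[0], dst[1], src[0]) else "via gateway"
    return fwd, back

def usable_hosts(ip, mask):
    """Host addresses in the subnet, minus network and broadcast."""
    return lan(ip, mask).num_addresses - 2

def is_rfc1918(ip, mask):
    """True if the whole subnet sits inside a private range."""
    net = lan(ip, mask)
    return any(net.subnet_of(ipaddress.ip_network(p)) for p in RFC1918)

# Constructed sample hosts inside 9.9.192.0/20, in different /24 slices.
PC_IP, PRINTER_IP = "9.9.192.50", "9.9.195.20"

if __name__ == "__main__":
    print("router LAN:", lan(GATEWAY, ROUTER_MASK),
          "usable hosts:", usable_hosts(GATEWAY, ROUTER_MASK),
          "private:", is_rfc1918(GATEWAY, ROUTER_MASK))
    for pc_mask, pr_mask in (("255.255.240.0", "255.255.240.0"),
                             ("255.255.255.0", "255.255.240.0"),
                             ("255.255.255.0", "255.255.255.0")):
        fwd, back = path((PC_IP, pc_mask), (PRINTER_IP, pr_mask))
        print(f"PC {pc_mask} -> printer {pr_mask}: "
              f"forward {fwd}, return {back}")
```

With mismatched masks the forward and return paths differ: one side hands traffic to the gateway while the other answers directly on the LAN.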
