Giving 1 WAN-IP of a /29 network to an external router
-
I have a pfSense setup with a /29 network which gets this from a PPPoE connection.
Someone else wants to use his own router and would like to have a WAN-IP.
I now have 6 IPs to work with.
1 IP is assigned to the interface with the PPPoE.
Let's say I'm getting a 80.80.80.40/29 network.
My pfSense already has 80.80.80.41/29.
I created Virtual IPs 80.80.80.42, 80.80.80.43, 80.80.80.44, 80.80.80.45
I created Outbound NAT rules and I now have 4 VLANs with LANs that have different WAN connections.
That's all working!!!
Now to that external party.
I want to assign 80.80.80.46 to VLAN46.
I created a bridge with the PPPoE interface and igc3.46
So igc3.46 is now on the same interface as the PPPoE (and the other VIPs).
Tomorrow I will be returning to that router and I will connect a Fritzbox statically configured to 80.80.80.46 with the gateway 80.80.80.41
But I think it will not work.
Why should 80.80.80.41 (the pfSense) route traffic for 80.80.80.46 if I don't explicitly tell it to do so?
So, how can I tell pfSense to route everything from 80.80.80.46 to its PPPoE-gateway?
Shouldn't I set that somewhere?
-
@frater
Is NAT not an option for this network?
Assuming the /29 network is routed to a primary PPPoE assigned WAN IP, you could simply add a 1:1 NAT to the router behind and add a rule to allow any.
If the network is not routed to you, you could go with a proxy ARP VIP.
"Tomorrow I will be returning to that router and I will connect a Fritzbox statically configured to 80.80.80.46 with the gateway 80.80.80.41
But I think it will not work.
Why should 80.80.80.41 (the pFsense) route traffic for 80.80.80.46 if I don't explicitly tell it to do so?
So, how can I tell pfsense to route everything from 80.80.80.46 to its PPPoE-gateway?"
Since, due to bridging, 80.80.80.46 is within an L2 network with pfSense WAN, there is no need to route. The packets will simply pass, presumed it is allowed by a filter rule.
However, I think you cannot use 80.80.80.41 as gateway, since this is defined on pfSense. So packets to the router's IP will go directly to the internal router while responses are sent to pfSense. I suspect this will end up in asymmetric routing issues.
So you should rather configure your real upstream gateway on the Fritzbox. But I'm not sure if this can be done on FritzOS, because its IP might lie outside of the /29.
-
First, thanks for answering and thinking with me.
"So you should rather configure your real upstream gateway on the Fritzbox. But I'm not sure if this can be done on FritzOS, because its IP might lie outside of the /29."
Yes, that's the only reason why I want to use the IP the pfSense is getting from the PPPoE-connection as its gateway. A gateway outside of its subnet is not possible in static configuration.
I was unable to go to the location of the router today. That's going to be next week, then. I first wanted to check if the pfSense would route traffic coming from its WAN interface.
I don't know if 1:1 NAT is acceptable for a client. I never worked with 1:1 NAT before, because I've never been in a situation where I would need that.
I also don't know if it gives any downsides for the client. I imagine it does for things like UPnP as that external router is not aware of its IP-address on the Internet.
-
@frater said in Giving 1 WAN-IP of a /29 network to an external router:
I imagine it does for things like uPnP as that external router is not aware of its IP-address on the Internet.
Yes, so you have to reflect if you really need that. Most connections work fine with double-NAT.
If that is not an option, it should basically also work with the pfSense WAN IP as gateway. Again, presumed the /29 is routed to you, but not assigned to pfSense itself.
However, you probably have to add sloppy state rules for inbound and outbound traffic.