Google Fiber Business with /29 public ip block
-
I need some help with properly setting up WAN from Google Fiber and using the /29 block they provide us.
Normally I would add virtual IPs and then port forward/outbound NAT. I can get the port forwards to work, but I cannot get outbound NAT.
(For the sake of simplicity/clarity these are not my real IPs, but the octets are similar.)
The WAN interface has to be set to DHCP. Once connected I get 123.41.2.11/23 with a gateway 123.41.2.1 via DHCP.
Google Fiber provides us with a /29:
123.40.10.240/29 (note the static block is in a separate subnet.)
According to their limited documentation
When you enable multiple static IPs on your account, your router must request a dynamic WAN address via DHCP. Google Fiber will then route a subnet to your network, which provides multiple IP addresses. One static IP must be used as a gateway to the Internet. You can use the remaining static IP addresses for your own hosts. Your router must support this secondary subnet on the LAN side as a secondary address or via VLAN.
Inbound works,
but outbound is still showing NAT'ed as the WAN IP.
I recall a setup a while back on a PPPoE connection where I had to assign a physical interface the first usable IP address in the block AND set another usable IP as the gateway address, i.e. OPT2:
123.40.10.241/29, gateway: 123.40.10.246, leaving 242-245 available. But the devices I need to NAT are virtual and pass to/from the LAN with static routes.
Any help would be greatly appreciated.
-
@chucklehead Sounds like Google intends for you to use the public IPs on the LAN side. That's how one would set up, say, a data center, without NAT. Are you using IP aliases with that second block? I've not tried that so I'm genuinely asking. I suspect it won't work as you want because the ISP gateway sends the packet to the WAN IP and you're trying to reply using a different IP.
As opposed to, say, them assigning a /29 and using one of the IPs as your gateway (on their end) so your IPs talk directly to that IP as your gateway. IOW they've added an extra layer.
Using manual rules only, do you have a rule below those for the entire subnet? Typically Hybrid is used, which does that by default.
-
@steveits Figured it out. The LAN is the "WAN" of the Unifi gateway device that runs the internal network. NAT was enabled there so everything coming to the pfSense LAN was NAT'ed... disabled that NAT and everything started working.
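A small diagnostic for the setup described in the original post and the double-NAT cause found in the last reply, added here as an example and not code from the thread: it reserves one address of the routed /29 for the router as the Google Fiber text requires, classifies egress packets seen on the pfSense WAN by whether they carry a static-block source or the dynamic WAN address, and flags the case where every LAN-side packet already carries the downstream gateway's own address. The /29, WAN address and tcpdump-style capture lines are constructed (reusing the post's anonymised octets); the Unifi WAN address 192.168.1.2 is a hypothetical value.

```python
import ipaddress
import re

# Constructed addressing that mirrors the thread's anonymised values.
WAN_ADDR = ipaddress.ip_interface("123.41.2.11/23")       # DHCP-assigned WAN
ROUTED_BLOCK = ipaddress.ip_network("123.40.10.240/29")    # static /29 routed to us
ROUTER_BLOCK_ADDR = ipaddress.ip_address("123.40.10.241")  # one static IP held by pfSense
UNIFI_WAN = ipaddress.ip_address("192.168.1.2")            # hypothetical downstream gateway

# Constructed tcpdump-style lines as captured on the pfSense WAN interface.
WAN_CAPTURE = """\
IP 123.40.10.242.51514 > 8.8.8.8.443: Flags [S]
IP 123.41.2.11.40322 > 1.1.1.1.443: Flags [S]
IP 123.40.10.243.51515 > 203.0.113.5.443: Flags [S]
"""
# Constructed lines captured on the pfSense LAN while the Unifi still NATs.
LAN_CAPTURE = """\
IP 192.168.1.2.50001 > 8.8.8.8.443: Flags [S]
IP 192.168.1.2.50002 > 1.1.1.1.443: Flags [S]
"""

SRC_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ >")

def usable_hosts(block=ROUTED_BLOCK, router_addr=ROUTER_BLOCK_ADDR):
    """Static addresses left for hosts once one is reserved for the router."""
    return [h for h in block.hosts() if h != router_addr]

def parse_sources(capture):
    """Pull the source address out of each tcpdump-style line."""
    return [ipaddress.ip_address(m.group(1))
            for m in map(SRC_RE.match, capture.splitlines()) if m]

def classify_egress(capture, wan=WAN_ADDR, block=ROUTED_BLOCK):
    """Count packets leaving with a static-block source (what we want),
    with the dynamic WAN address (still NATed), or with anything else."""
    counts = {"static": 0, "wan_nat": 0, "other": 0}
    for src in parse_sources(capture):
        if src in block:
            counts["static"] += 1
        elif src == wan.ip:
            counts["wan_nat"] += 1
        else:
            counts["other"] += 1
    return counts

def double_nat_suspected(lan_capture, downstream_gw=UNIFI_WAN):
    """True when every LAN-side packet carries the downstream gateway's own
    address: the hosts' /29 addresses never reach pfSense, so no outbound
    NAT exception on pfSense can ever match them."""
    srcs = parse_sources(lan_capture)
    return bool(srcs) and all(s == downstream_gw for s in srcs)
```

Run the two classifiers over real captures taken on the WAN and LAN interfaces; a non-zero `wan_nat` count with a suspected double NAT points at the downstream device rather than the pfSense outbound NAT rules.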