pFSense & BT Static IP Range Configuration

MattCab · Dec 18, 2023, 10:01 AM

We have 2 Netgate pFsense routers at 2 offices and they both connect via PPPOE though a BT Openreach modem. We have 5 static IP addresses associated with our main office. The problem I am having is assigning those static IP address to the WAN interface on the pfSense so we can assign them to local devices as required. It appears BT assign a DHCP address to the WAN and not the static IP. I've looked into this on the forums and cannot find anything to help. Apologies if I have missed something.

Our static ip range (redacted) provided from BT are: xx.xx.xx.129 - xx.xx.xx.133 with a default gateway as xx.xx.xx.134 subnet 255.255.255.248

Thanks in advance.

stephenw10 · Dec 18, 2023, 1:37 PM

It's been a while since I last looked at this. Last time I did I seem to recall they only provide instructions for using the BT Business Hub or whatever they're calling it. In that scenario the hub becomes the gateway IP and you can use the other public IPs locally?
That implies that they route the public subnet to you which makes it easy to deal with in pfSense however I seem to recall that in reality it was a PITA!
So the first thing I would do here it send some traffic from something external toward one of the public IPs inb the subnet and see if it arrives at your WAN in a packet capture.
If it does then they are routing the subnet and you can just use those IPs however you wish.

But I suspect it won't and they need to see those devices respond to ARP in which case you need to add VIPs on the WAN for each IP and doing so will probably hit this bug: https://redmine.pfsense.org/issues/14434

Steve

MattCab · Dec 18, 2023, 2:18 PM

@stephenw10 Hi Steve, Thanks for the reply. Some useful information to look at. So thanks for that Excuse my ignorance but what is PITA?

Yes the BT Hub can be used in bridge mode and setup the static IP's in that and then have the Netgate behind that. I am trying to avoid that and let the Netgate deal with the pppoe and BT Openreach modem just do its thing. It just appears that when you have multiple static IP's it becomes some sort of issue with BT. We will be running a PBX (asterisk) behind the pfsense on one of the LANs and I think we might run into issues with that using a BT hub. I could be wrong and that is maybe for another forum.

Matt.

stephenw10 · Dec 18, 2023, 2:35 PM

Pain In The A***!

Yeah I seem to recall trying to make pfSense replicate what the Hub does so it can use the full subnet was difficult.
But first I'd verify it still behaves like that since that was some years ago. So run some pings and see if those appear in a pcap on the WAN as ping requests or as ARP requests.

Steve

MattCab · Dec 18, 2023, 3:25 PM

@stephenw10 PITA

I believe its still the same as we had to do some 'faffing about' with our old Junipers to get them to work. Used a loopback interface and some 'under the hood stuff' which was setup before my time. They still work but are EOL.

stephenw10 · Dec 18, 2023, 3:31 PM

Hmm, I would still run that test if you can so we can be sure what does arrive. If anything.

If you have details of what you had you to add on the Juniper that would be helpful.