pfSense + ONT Routing LAN IPS WAN Pool

Wilfredo Salas

Hello guys, best regards... I need your help to configure my small network... I tell you: I have purchased the service via fiber optics, my ISP gives me the following inputs: VLAN 100, IP-WAN 201.xxx.50.160 /30, IP-LAN 201.xxx.48.96/29, gives me an ONT configured with a LAN network... How can I use the public IP block. I am currently using pfSense 2.7.0. How can I create the VLAN and be able to use the IPs to view services? Thanks in advance.

stephenw10

@Wilfredo-Salas said in pfSense + ONT Routing LAN IPS WAN Pool:

gives me an ONT configured with a LAN network

The ONT is passing pfSense a private IP address? One of those public IP addresses?

How do you want to use the public IPs?

@Wilfredo-Salas said in pfSense + ONT Routing LAN IPS WAN Pool:

be able to use the IPs to view services

I'm not sure what you mean by that.

Steve

Wilfredo Salas

@stephenw10 Hello They were, greetings. Thanks for answering. Yes, the ONT that my ISP gave me is configured in Router mode, it has a private network 192.168.100.0/24... The parameters that my ISP gives me are VLAN 100, IP-WAN 201.xxx.50.160/30, IP-LAN 201.xxx.48.96/29... what I really want is to be able to use the public IP block (IP-LAN 201.xxx.48.96/29) to be able to publish my services using pfSense.

Wilfredo Salas

@stephenw10 I have created and configured VLAN 100 in pfSense, but I still don't know how to access the public IP POOL.

stephenw10

If the WAN subnet is 201.xxx.50.160/30 I'd expect to see the pfSense WAN IP at 201.xxx.50.162/30 with a gateway of 201.xxx.50.161. Or maybe the other way around.
Is that what you are using?

If the ISP are routing the /29 to you via the WAN IP you can either add the IPs in that subnet as VIPs on the WAN or use the full /29 subnet internally on a different interface directly.

Wilfredo Salas

@stephenw10
I tried to do it as indicated, defining the WAN IP and VLAN on an interface in pfSense, but I can't establish communication... in fact, this is the IP and gateway that the ONT uses. Currently I use a private IP provided by the ONT 192.168.100.2 and as a gateway 192.168.100.1... I am a bit confused... I have created VLAN 100 in pfSenese and defined the VIPs but I can´t still access the POOL of public IPs /29

If you need any additional information so you can help me configure my network, I would greatly appreciate it, Stephen.

stephenw10

Oh OK if the ONT is using those public IPs and issuing private IPs then it's acting as a router and not just as an ONT. If you can set it in 'bridge' or 'modem' mode you should be able to use that /30 directly on pfSense.

If not then you will need to set the "ONT" to either route the /29 to pfSense or to use the /29 on it's own LAN so pfSense can then use those on it's WAN.

Wilfredo Salas

@stephenw10 Hello Stephen, the last thing you recommend is what I have tried to do, use the /29 through the ONT LAN, but I have not been able to, I have tried several configurations... I have not tried changing the operating mode configuration of the ONT in bridge mode, by default the ISP delivers it to me already configured.

stephenw10

Hmm, well I'd assume the ISP is routing the /29 to the local side on the /30 so you either need to get the 'ONT' to route that to pfSense internally or to use it directly. There's nothing pfSense can do with it before that.

Wilfredo Salas

@stephenw10 very grateful Stephen for all your help and guidance. I'll check the routing table on the ONT. Yes, I also think that the problem lies in the configuration in the ONT.

stephenw10

It might have a DMZ pass-through option that simply forwards traffic to pfSense. But that may not be useful if you want to use the public IPs separately.