Colo server with existing /29... DC adds a /27. How to configure pfSense?
-
Hi there, we have a pfSense install running on a hypervisor that serves a /29 IP allocation. We've run out of IPs, so I put in a request to our DC for additional, and they are adding a /27 to our IP addresses.
How can this be added to pfSense for WAN addressing, without disturbing the existing /29 that is already working fine?
Thanks in advance for any help.
-
Are they routing both those subnets to you via some other IP?
https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html
Steve
-
@stephenw10 No, they just added an entirely new block of addresses with a separate gateway for them. I guess they assume I'll just add them somehow to my router.
-
Hmm, how are you using the /29 currently?
-
@stephenw10 I have it as a main WAN network, with two pfSense VMs on it, to route traffic using the WAN IP addresses to different subnets for different purposes on the Proxmox server it is connected to. My goal is to reconfigure this around one pfSense install on that /29 as a management interface and WAN gateway, and then add support for the other LAN or VLAN networks for their intended IPv4 ranges. I don't mind losing any use of the /29 for WAN and just moving everything over to the /27. Does that help answer your question?
-
@k0d3g3ar So you’re using NAT with private IPs on LAN?
-
@SteveITS Yes, I think that is correct. I'd like to have it so that the private LAN network(s) can just NAT from the /27 WAN addresses (i.e. firewall port through). I hope I'm explaining that correctly.
-
OK, it will be far easier if you switch the pfSense WAN to use the /27 directly then. Just use addresses from it as you are currently with the /29.
You can also add addresses from either subnet as VIPs on WAN and use them, but since they require different gateways, that makes things more complex.
It would be much easier if they can just route the /27 to you via the current WAN IP in the /29, which most data centers could do.
-
@stephenw10 When you say, "It would be much easier if they can just route the /27 to you via the current WAN IP in the /29..." are you saying that the DC changes the gateway address to be the same for both the /27 and /29 here?