pfSense + ONT Routing LAN IPS WAN Pool

Wilfredo Salas · Jul 19, 2024, 6:42 PM

Hello guys, best regards... I need your help to configure my small network... I tell you: I have purchased the service via fiber optics, my ISP gives me the following inputs: VLAN 100, IP-WAN 201.xxx.50.160 /30, IP-LAN 201.xxx.48.96/29, gives me an ONT configured with a LAN network... How can I use the public IP block. I am currently using pfSense 2.7.0. How can I create the VLAN and be able to use the IPs to view services? Thanks in advance.

stephenw10 · Jul 19, 2024, 9:39 PM

@Wilfredo-Salas said in pfSense + ONT Routing LAN IPS WAN Pool:

gives me an ONT configured with a LAN network

The ONT is passing pfSense a private IP address? One of those public IP addresses?

How do you want to use the public IPs?

@Wilfredo-Salas said in pfSense + ONT Routing LAN IPS WAN Pool:

be able to use the IPs to view services

I'm not sure what you mean by that.

Steve

Wilfredo Salas · Jul 20, 2024, 9:19 PM

@stephenw10 Hello They were, greetings. Thanks for answering. Yes, the ONT that my ISP gave me is configured in Router mode, it has a private network 192.168.100.0/24... The parameters that my ISP gives me are VLAN 100, IP-WAN 201.xxx.50.160/30, IP-LAN 201.xxx.48.96/29... what I really want is to be able to use the public IP block (IP-LAN 201.xxx.48.96/29) to be able to publish my services using pfSense.

Wilfredo Salas · Jul 20, 2024, 9:22 PM

@stephenw10 I have created and configured VLAN 100 in pfSense, but I still don't know how to access the public IP POOL.

stephenw10 · Jul 24, 2024, 2:28 PM

If the WAN subnet is 201.xxx.50.160/30 I'd expect to see the pfSense WAN IP at 201.xxx.50.162/30 with a gateway of 201.xxx.50.161. Or maybe the other way around.
Is that what you are using?

If the ISP are routing the /29 to you via the WAN IP you can either add the IPs in that subnet as VIPs on the WAN or use the full /29 subnet internally on a different interface directly.

Wilfredo Salas · Jul 24, 2024, 2:28 PM

@stephenw10
I tried to do it as indicated, defining the WAN IP and VLAN on an interface in pfSense, but I can't establish communication... in fact, this is the IP and gateway that the ONT uses. Currently I use a private IP provided by the ONT 192.168.100.2 and as a gateway 192.168.100.1... I am a bit confused... I have created VLAN 100 in pfSenese and defined the VIPs but I can´t still access the POOL of public IPs /29

If you need any additional information so you can help me configure my network, I would greatly appreciate it, Stephen.

stephenw10 · Jul 29, 2024, 1:18 PM

Oh OK if the ONT is using those public IPs and issuing private IPs then it's acting as a router and not just as an ONT. If you can set it in 'bridge' or 'modem' mode you should be able to use that /30 directly on pfSense.

If not then you will need to set the "ONT" to either route the /29 to pfSense or to use the /29 on it's own LAN so pfSense can then use those on it's WAN.

Wilfredo Salas · Jul 29, 2024, 1:37 PM

@stephenw10 Hello Stephen, the last thing you recommend is what I have tried to do, use the /29 through the ONT LAN, but I have not been able to, I have tried several configurations... I have not tried changing the operating mode configuration of the ONT in bridge mode, by default the ISP delivers it to me already configured.

stephenw10 · Jul 29, 2024, 1:55 PM

Hmm, well I'd assume the ISP is routing the /29 to the local side on the /30 so you either need to get the 'ONT' to route that to pfSense internally or to use it directly. There's nothing pfSense can do with it before that.

Wilfredo Salas · Jul 29, 2024, 2:02 PM

@stephenw10 very grateful Stephen for all your help and guidance. I'll check the routing table on the ONT. Yes, I also think that the problem lies in the configuration in the ONT.

stephenw10 · Jul 29, 2024, 2:28 PM

It might have a DMZ pass-through option that simply forwards traffic to pfSense. But that may not be useful if you want to use the public IPs separately.