Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Single WAN multiple Public IP's through LAN interface

    Scheduled Pinned Locked Moved Routing and Multi WAN
    4 Posts 3 Posters 2.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      Jimmy_uk
      last edited by

      Hi,

      I'm trying to figure out how to achieve this setup, I'm kind of new to this level of networking, I'm a software developer by trade!

      I have multiple IP's from my ISP, they have installed a Modem and given me the following details:

      Gateway: xxx.xxx.13.2/3
      External IP: xxx.xxx.13.2/31
      Network IP:  xxx.xxx.48.56/29

      At the moment i have configured a PFsense WAN that sits on: xxx.xxx.13.2/30 to get us online, this goes directly into a Modem to an EFM line.

      I need to setup a multiple "tenancy" network, so that I can issue out public IP's to users to put into their routers (not all PFsense) (i.e give out IPs from the xxx.xxx.48.56/29 range.)

      I've drawn a Diagram of what i want to achieve, I've seen it done before but never setup a system like it from scratch.

      How would I configure the "edge" router? it's not to do any filtering or anything, the management is so that i can change any settings i need to by hooking up a cable directly to the box.

      Hope someone can help or point me in the right direction.

      Thanks

      Jimmy

      network.png
      network.png_thumb

      1 Reply Last reply Reply Quote 0
      • R Offline
        reqlez
        last edited by

        Hi.

        If you want to issue internal IPs to those 3 routers you can do 1:1 NAT and assign a public IP to an internal IP. Most of the time that gets the job done.

        But if you have a specific case where you NEED to give the routers public IPs, you need something called transparent bridging.

        Take a look at this guide here and see if it works for you: http://people.pharmacy.purdue.edu/~tarrh/Transparent%20Firewall-Filtering%20Bridge%20-%20pfSense%202.0.2%20By%20William%20Tarrh.pdf

        Do you really need to have public IP addresses on those 3 router WAN interfaces tho ? I see most of the time 1:1 NAT works for everything I have done.

        1 Reply Last reply Reply Quote 0
        • J Offline
          Jimmy_uk
          last edited by

          Thanks for your response.

          Yep i do really need to have Public IP's, They are for tenants who will be using their own routers with firewall rules etc for their office . I've setup 1:1 NAT before however it's not ideal for these requirements.
          I will have go at bridged setup, it's something I've not considered before.

          I assume the IP i setup on the "LAN" interface is xxx.xxx.48.56 and this would become the gateway IP for the routers?

          1 Reply Last reply Reply Quote 0
          • dotdashD Offline
            dotdash
            last edited by

            Why not just use the /30 as the WAN and .57/29 as the LAN on your edge box? Then check the box under advanced to disable the firewall and NAT. Have the tenants use 58-62/29 and have them point to the edge LAN (.57) I f you need a separate private management IP, use an OPT interface. (or just manage via the LAN ip)

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.