Add interface so tenant can use their own router with public IP and speed limit
-
Hi all,
First post, please be gentle…. I wasn't sure of the terminology so I've had a hard time searching for answers.
So,.. I have a PF sense box setup and working with a WAN interface that has a /28 set of public IPs (we use 6 so have a few spare). I have 2 interfaces setup as LANs with DHCP,DNS etc all working on each (10.20.30.0 & 10.20.40.0).
We have great broadband and some spare office space so we're going to help another business (6 users) for a few months and let them move into a spare office.
I want to let them bring their existing network gear (router, small switch & PCs) and set them up so their router can use one of our public IPs and limit their bandwidth (100Mbps).
On the PFsense box I have 2 unused interfaces... I want to add an interface that they can plug the WAN port of their router into, be able to use a single public IP of our /28 set and set a traffic shaper bandwidth limit on this interface. Their router is a Draytek 2830 & can use a static WAN IP - the rest of the config I want to leave as is so when they leave its easy for them...
I guess its sort of like being a proxy ISP in a way..
If anyone can help/point me in the direction for a guide etc.. or even just correct my terminology so I can search better. I've been looking for "router behind pfsense", "pfsense as isp" etc...
Many thanks!!
-
Basically, you'd be bridging WAN to that interface and firewall everything that doesn't match the static IP you want that tenant to use.
-
Do it right.
Tell your ISP to give you a small WAN interface subnet for your WAN interface, say a /29 or /30, and to route the /28 to that instead of putting so many addresses on the interface.
Then you can do what you want how it should be done without this hacky bridging.
