Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Static IP Block & CenturyLink Fiber w. PPPoE

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cholla
      last edited by

      In reading through various posts and videos, it seems using Virtual IPs with the WAN set as a Static IP makes for an easy task in using any of the static IPs available to you from your ISP.

      At the network edge, I have removed CenturyLink's "modem", pfSense is working well directly with the ONT. However, It appears that pfSense has acquired the "Gateway" Address that Century Link provided. My understanding is that if the Century Link modem was present, it would be this gateway.

      When ordering the static service they gave me a block of 8, the IPs for the following:
      Network
      Gateway
      Broadcast
      Addresses (range of 5)

      My question... How do I leave pfSense directly attached to the ONT and handling the PPPoE, while still having the ability through 1:1 NAT, VLANs, or some other way to assign our various usable Static IPs?

      1 Reply Last reply Reply Quote 0
      • C
        cholla
        last edited by

        I've continued working on this. Experimenting with a Juniper EX 4200 switch between the ONT and the pfSense box. The thought is to have the juniper switch take care of the PPPoE and VLAN tagging. From there, run 5 wan interfaces on the pf box, for each static IP.

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          You should just be able to add the additional public IPs as virtual IPs on the WAN and then 1:1 NAT them to the internal IPs.

          The only difficulty with this type of setup is that some ISPs will route the entire subnet to you via the ppp connection directly which does not have to have an IP at all. That allows the ISP router to use the full subnet on it's LAN which is something pfSense cannot currently replicate. But you're not doing that so there should be no problem.

          Steve

          1 Reply Last reply Reply Quote 1
          • C
            cholla
            last edited by

            Steve,

            Thanks for the insight.

            Oddly enough, or perhaps my lack of understanding, in setting up our vpn initially- the client would get assigned one of the static IPs from our ISP.

            I had not gone the 1:1 NAT route on top of the VIPs. I’ll give that a try later today.

            -Bryan

            1 Reply Last reply Reply Quote 0
            • C
              cholla
              last edited by

              @stephenw10 That worked beautifully. Thank you for your expertise. I went looking for the most complicated answer when it was so simple!

              Where can I send the beer?

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                Ha, you could send it to Netgate HQ but someone will probably have drunk it before I get there. 😉

                Glad you got it running.

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.