Static IP Block & CenturyLink Fiber w. PPPoE
-
In reading through various posts and videos, it seems using Virtual IPs with the WAN set as a Static IP makes for an easy task in using any of the static IPs available to you from your ISP.
At the network edge, I have removed CenturyLink's "modem", pfSense is working well directly with the ONT. However, It appears that pfSense has acquired the "Gateway" Address that Century Link provided. My understanding is that if the Century Link modem was present, it would be this gateway.
When ordering the static service they gave me a block of 8, the IPs for the following:
Network
Gateway
Broadcast
Addresses (range of 5)My question... How do I leave pfSense directly attached to the ONT and handling the PPPoE, while still having the ability through 1:1 NAT, VLANs, or some other way to assign our various usable Static IPs?
-
I've continued working on this. Experimenting with a Juniper EX 4200 switch between the ONT and the pfSense box. The thought is to have the juniper switch take care of the PPPoE and VLAN tagging. From there, run 5 wan interfaces on the pf box, for each static IP.
-
You should just be able to add the additional public IPs as virtual IPs on the WAN and then 1:1 NAT them to the internal IPs.
The only difficulty with this type of setup is that some ISPs will route the entire subnet to you via the ppp connection directly which does not have to have an IP at all. That allows the ISP router to use the full subnet on it's LAN which is something pfSense cannot currently replicate. But you're not doing that so there should be no problem.
Steve
-
Steve,
Thanks for the insight.
Oddly enough, or perhaps my lack of understanding, in setting up our vpn initially- the client would get assigned one of the static IPs from our ISP.
I had not gone the 1:1 NAT route on top of the VIPs. I’ll give that a try later today.
-Bryan
-
@stephenw10 That worked beautifully. Thank you for your expertise. I went looking for the most complicated answer when it was so simple!
Where can I send the beer?
-
Ha, you could send it to Netgate HQ but someone will probably have drunk it before I get there.
Glad you got it running.
Steve