Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Multiple public IP multiple routers...

    Scheduled Pinned Locked Moved Routing and Multi WAN
    10 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cellhelp
      last edited by cellhelp

      Hello,

      I have a dedicated internet with 32 ip adress. I would like to give a router to all clients, so they can have an ip for themselve. Is it possible to have a dhcp routing for public ips?

      I would like all the clients to have a tp-link or whatever router they already have. I would like the client to plug their router and pfsense give them their public ip address from my pool. I would like to authenticate the client by mac adress. If the mac adress is good, then they can give an public ip adress.

      This looks like a dhcp server with mac adresss, how would I route that?
      Is pfsense able to do that?

      1 Reply Last reply Reply Quote 0
      • JeGrJ
        JeGr LAYER 8 Moderator
        last edited by

        Let's recap:

        You have 32 addresses. So you probably have a /27 network assignment?
        Do you have that network routed to you via a transit network or does the ISP/uplink provider have an IP in that network, too? E.g. did you get that network with "ISP GW is .1, your first IP is .2, last IP is .30" or something alike?

        If your ISP has a GW in the same network your setup won't work (or only with a few downfalls).

        If your ISP assigned you that network AND routed it to you via a transit network other then that /27 - then yes, what you want would be possible. You could simply define some sort of "DMZ" or "Clients" interface, attach a switch, configure DHCP with static address mappings and MAC verification and use your public /27 network as the DHCP range. All clients of yours then tell you their router-MAC, you enter it as a static mapping into the DHCP server and hand out the public IPs. With the option to allow only known devices via MAC only those clients that gave you their MAC can plug it in and get an IP.

        Best wishes

        Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

        1 Reply Last reply Reply Quote 0
        • C
          cellhelp
          last edited by cellhelp

          Ah, that why they gave me another routing parameters. Yes, I have a 8 or 9 ip on a different network. I have a fiber connection coming in the building. And the 2 set of networks works. i've been running it static on switches. i rather run it on dhcp.

          But how would I run the second network? Will the address on dhcp will show the original public ip per router and have it come back on the second network? Im trying to understand the process. DHCP serving Public IP via mac filtering and the WAN is another network?

          Will the routing know this is a different public, and not private? Because the ip address of the 2nd network will show up I think.

          1 Reply Last reply Reply Quote 0
          • JeGrJ
            JeGr LAYER 8 Moderator
            last edited by

            If that /27 network is routed to you via another network (/29 I assume as that would be an 8 IP net) then you can simply route it and setup an additional interface with that /27 network as you like. If you got .1 - .31 then just configure pfSense' client interface on .1 and setup manual DHCP for .2-.31

            There is no NAT to configure there if you want your clients to have a public IP. As the IP range 1-31 is routed to your WAN IP, there's no NAT on your side to configure (besides NOT doing NAT on the Client interface) and simply hand out the IPs you want (and add firewall rules). You can configure private networks or other things on a separate network/LAN to your likings.

            Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

            1 Reply Last reply Reply Quote 0
            • C
              cellhelp
              last edited by cellhelp

              I tried to run it local first with no dhcp just 1 static to see if its works. so I have it setup the gateway with the /29, I create another interface, but what do i put for gateway? Do I put 1 ip address of that 31 ip address? And the router what would be the default gateway, the ip I create on the lan side of pfsense, or the gateway of the /29 ip address?

              pfsense
              So WAN I put the gateway of the /29

              LAN side, do I put on ip address of the 32 ip.

              router of the client at home
              I put the ip addess, the gateway is it the pfsense lan side ip or the wan gateway?

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by johnpoz

                Let me get this right.. Your providing internet to paying clients? And can not figure out what IP to setup on pfsense to route a /27 behind it? After JeGr gave you explicit instructions?

                And you don't understand what the gateway would be for clients in this /27?

                How is it your involved in doing this? Is this some class homework you have or something?

                The gateway of clients in the /27 would be the IP you set on pfsense interface.. And yes you can setup the dhcp server in pfsense to only hand out IPs to specific mac addresses..

                Please tell me this some sort of class assignment ;)

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                1 Reply Last reply Reply Quote 0
                • C
                  cellhelp
                  last edited by cellhelp

                  It works fine with a private ip. 192.168.x.x , but when i put the client the public ip that I have. setup on the client lan side. It shows the /29 gateway as external and not the public ip address that I assigned. Its not a class assignment. I had the client on private ip for a few months now. I would like to give them their public ip.

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    @cellhelp said in Multiple public IP multiple routers...:

                    It shows the /29 gateway as external

                    It what?

                    If you want to hand devices behind the public space that is routed to you.. They have to be using it.. Pfsense has to have an IP set out of that space on it.. Your dhcp range will change when you change pfsense IP from rc1918 to public on its lan, etc.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      DHCP does not care if addresses are public or private. What matters here is how the upstream provisioned the /27 for you.

                      Answer ONE question:

                      Is the /27 routed to another interface subnet by the ISP or is the /27 the interface subnet?

                      If it is NOT routed to you and you want to use the service to assign addresses to downstream routers, I would call the upstream and tell them you want a ROUTED subnet.

                      If it is routed to you then just put it on an inside interface and you're done. If you don't have enough addresses to give each client a /30 or /31, they will all be in the same broadcast domain and you'll have to deal with all the problems putting multiple ISP customers on the same broadcast domain gets you.

                      If all of this is jibber-jabber to you, you should probably either seek professional design assistance or get studying, labbing, etc before you try to become an ISP.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by

                        @Derelict said in Multiple public IP multiple routers...:

                        If all of this is jibber-jabber to you

                        My money is on this statement ;)

                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                        If you get confused: Listen to the Music Play
                        Please don't Chat/PM me for help, unless mod related
                        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.