Multiple wan ip blocks on a single interface
-
@demonmaestro said in Multiple wan ip blocks on a single interface:
TLDR: How do I DHCP my public /24 IP block off my VLAN and have no NAT but keep Firewall rules?
So this /24 is "routed" too you? via your /29 - that would be a normal sort of setup where the /29 is your transit.. If that is the case you would put your /24 on lan side vlan/network and setup pfsense IP in this vlan to .say .1 of your /24 and use it just like any rfc1918 behind pfsense, just turn off outbound nat for that network.
This would be one of those scenarios where turning off automatic outbound nat makes sense.. Just outbound nat your rfc1918 vlans and not your public vlans.. If the /24 is routed to you, you could even subnet it out break that /24 up into multiple subnets/vlans..
-
So basically i got it setup correctly?
Or what am I doing wrong. -
@demonmaestro said in Multiple wan ip blocks on a single interface:
he issue is when I go to check "whatismyipaddress" it comes back with x.x159.74.
You seem to have not done your outbound nat correctly if you seeing your transit IP. Or this /24 is not actually routed to you?
-
interface (vlan) source(x.x.163.0/24) destination * NAT Address set to NO NAT
-
Dude post up your outbound nat page please... So your doing a hybrid?
-
The folks at Lawrencesystems got me hooked up. Ended up being a bridge issue.
Thank you for your help @johnpoz
-
A bridge issue? You made zero mention any bridges ;)
-
I didn't have a bridge.
A bridge was needed.Sometimes in life a bridge is needed in life to get from point A to point B.
-
No a bridge would NOT be needed if the traffic was "routed" to you as I asked..
So they don't have it routed just directly connected <shakes head> these isp and complete lack of any networking understanding at all. If you have a /29 already, this makes for a perfect transit network for your /24.. Directly attaching it sad really.
-
Then how would you go about it? If you want the /24 on a vlan,IPs DHCP to the computers/servers,block certian ports?
-
Already told you exactly how you do it... But you can not do that if its not actually routed to you... If you bridged your wan to your lan.. Then its not routed..
-
I just got off the phone with the ISP and they said that both IPs are setup on the interface. So working with a bridge is the correct way to set this up.
Sorry for the issues this may have caused. -
Not the way I would do it no... I would just use vips and do a 1:1 nat..
Atleast then you could subnet your /24 and it it for multiple networks behind vs just bridged to single L2..
Can you get them to actually just route that /24 to you.
-
the /29 i am using 1:1 and vips
The /24 there is way too many IPs to 1:1 for my use case.
But as far as subneting it out. I might do that on other blocks down the road.
Thank you again for your help.
-
Your not going to be able to subnet it out if its directly connected and your bridging it.
Why is /24 too many for a 1:1? Not like you have to setup each on on its own, you just do a 1:1 for the whole /24
Your x.x.163.0/24 would just map to say 192.168.163/24 where .1 is .1 and .2 is .2 and so on..
The correct solution for using a /24 would be for the /24 to be routed to you..
