Our ISP asking strange configuration for WAN Connection

heper

seems fairly common to me.
10.59.126.136/30 is the transit network
176.xx.xx.120/30 is your assigned subnet.

you either use vip's & nat them; or you assign them to client devices on a seperate interface; or you can probably use the for a reverse proxy.

or you don't use them at all

https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html

JKnott

@heper

It looks like he has 2 transit networks, one on 10. and one on 176..

ercan412

@heper said in Our ISP asking strange configuration for WAN Connection:

seems fairly common to me.

I like to know is there is a configuration example for this type of connection. Does PfSense can handle this? I've checked the link, we're using opt1 interface for secondary ISP.

heper

The link provided has an example.
Pfsense can handle this just fine.

Perhaps you should explain what the problem is exactly. Also what do you want to do with your assigned public ipv4 subnet.

Once that is clear, someone will probably ask for relevant screenshots of your current configuration.

stephenw10

If the 176 subnet were, say, a /27 this would not seem unusual. The only odd thing here is that they appear to have given you a /30 routed subnet. Did you pay for some number of public IPs?

You should still be able to connect from the transit subnet IP unless they are explicitly blocking that, which would be unusual.

You should be able to connect from any IP in the 176/30 as a VIP on WAN.

Steve

ercan412

@ercan412 said in Our ISP asking strange configuration for WAN Connection:

10.59.126.138

I've configured like following screenshots. I can't get access to internet right now.

https://ibb.co/mb8FGjS
https://ibb.co/qJnxdsz
https://ibb.co/pQ1339d

ercan412

@stephenw10 said in Our ISP asking strange configuration for WAN Connection:

If the 176 subnet were, say, a /27 this would not seem unusual. The only odd thing here is that they appear to have given you a /30 routed subnet. Did you pay for some number of public IPs?

You should still be able to connect from the transit subnet IP unless they are explicitly blocking that, which would be unusual.

You should be able to connect from any IP in the 176/30 as a VIP on WAN.

Steve

I have one static IP. I've tried 176.xx.xx.121/30 as directly WAN interface IP but it doesn't ping the posible gateway(176.xx.xx.122). Also internet doesn't worked.

ercan412

@heper said in Our ISP asking strange configuration for WAN Connection:

The link provided has an example.
Pfsense can handle this just fine.

Perhaps you should explain what the problem is exactly. Also what do you want to do with your assigned public ipv4 subnet.

Once that is clear, someone will probably ask for relevant screenshots of your current configuration.

Yeah I've checked that example, thanks for the link. But It based on opt1 interface wasn't used scenario. In my setup unfortunately I'm using that interface for secondary WAN Link. I just want to connect Internet with new Radiolink ISP Setup.

stephenw10

The radiolink gateway shows as up I assume? (it responds to ping?)

When you ran that traceroute did you select 176.x.x.12x as the source?
If so it seems more like the provider has a routing issue.

Steve

ercan412

@stephenw10 Radiolink gateway answers the ping

ping 10.59.126.138

Pinging 10.59.126.138 with 32 bytes of data:
Reply from 10.59.126.138: bytes=32 time=35ms TTL=64
Reply from 10.59.126.138: bytes=32 time=42ms TTL=64
Reply from 10.59.126.138: bytes=32 time=96ms TTL=64
Reply from 10.59.126.138: bytes=32 time=36ms TTL=64

Ping statistics for 10.59.126.138:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 35ms, Maximum = 96ms, Average = 52ms

I can ping google dns from 176.xx.xx.121

Results
PING 8.8.8.8 (8.8.8.8) from 176.XX.XX.121: 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=59 time=19.902 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=19.464 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=19.441 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 19.441/19.602/19.902/0.212 ms

I can't test internet connection itself because I'm out of office at the moment. I got these results with VPN.

stephenw10

Ok, well that looks good. What's not working then?

Seems like an issue with your outbound NAT config if other clients cannot ping 8.8.8.8. It must be NATing to the 176 IP.

Steve

ercan412

I've couldn't detect what is not working, after upper comment the ISP installed additional router between pfsense and radiolink switch. Now we're using 176.xx IP for the WAN Interface. Thanks for all comments.