PFsense Routing Public IP
-
so it's clear, but that's what you're saying.... (the OP did not describe it!)
as you can see above I suggested this too ++++++
many times you learn well when they lead you through a thought process,
not if they tell you what to do....
-
@DaddyGo I know you did, I'm just suggesting the OP try the most common scenario.
-
Yup, it was a little bit of a strange thread...
I still hope it is for learning purposes
boring just writing solutions?
am I wrong?
and here it often happens, here in the forum, so the questioner never looks for things (answers) on his/her own
just gets a ready solution.....
like f ....ng fast food restaurants, and meanwhile he/she loves delicious food, though he/she cannot prepare it
(however, pfSense is more than that, although it is very popular stuff)
and tasty
THX
-
Yup, them routing the /29 to your existing IP is a much more likely scenario.
There are some ISPs though that will do this with a numberless p2p link on the WAN which pfSense cannot match directly.
Steve
-
@stephenw10 said in PFsense Routing Public IP:
It would be very unusual to see an ISP switching from PPPoE to static IPs on the same modem, in the same mode.
It is not common but it is done. We had what our ISP called a "bridged connection". It confused me for about 30 seconds until the tech explained it. But basically the DSL modem with no router and no method for login.. (Zoom 5715) Then our router set with a static IP. Issue is that security is very lacking in this kind of circuit.
-
@ziggy said in PFsense Routing Public IP:
The connection is vdsl using the isp's modem in bridge mode.
The ISP said this: "I have assigned you xx.xx.xx.185/29 Host Range = { xx.xx.xx.185 - xx.xx.xx.190 } You'll need to reconfigure your router and ensure you drop PPP as the allocation will not be routed until you have".
Well, this is straight and clear.
The ISP is asking the client to drop and reconnect PPP so ISP provisioning (most probably RADIUS) can also assign the route for the added network.
So it's PPPoE over VDSL with a bridged modem. It's a subnet routed behind a /30 WAN.
(I doubt it is unnumbered since this doesn't work with all routers)
-
@chpalmer It is not common but it is done.
exactly,
Not too long ago....
This is exactly what happened at the endpoint of one of our more serious customers.
An IP block was required and the original PPPoE connection was terminated.
True, in this case we are talking about an FTTB and not a modem or other ISP CPE at the endpoint, but a Raisecom ISCOM GPON SFP (ONT), which drives the pfSense WAN.
Ergo there is a switch from PPPoE in the ISP's world of thought and in the solution set.
-
Not the topic, an idea maybe;
My ISP did away with static addressing many years ago, I use PPPoE too but with an ONT. The fascinating thing from this is that I can dial several connections over the ONT (also in bridge mode) and each will get its public IPv4 address and /64 IPv6 block. The amount of addresses I can get doesn't make them static though so, to fix that I tunnel to a cloud-deployed pfSense (or OPNsense for one-click L2 with ZeroTier).
Vultr is my favorite for this, Scaleway is awesome too and dirt cheap but Euro-zone only. They need to assign you an IP to give you service, as long as your instance lives, which is your new front anyway, the address is yours--or you can always reserve it for like a US dollar more. The instance would be like EUR/USD 5 with a data cap around 1TB/mo. Unlimited in the case of Scaleway. At the prices the static IPv4s were when they were phased out, this workaround at the current exchange rate, which is 2x as high, I'm still saving about 26x the cost per month.
Only your application users (inbound to the/from the cloud front) would use that anyway, as you'd still be using your local exit for normal traffic. If you just need to reach stuff behind the firewall, ZeroTier is much cheaper than a static IP--free for up to 100 users I believe, but you get support if you pay so it's a win-win. Another option is a reverse proxy, like HAProxy in pfSense and a DDNS updater on meth that updates no matter what while still counting your API calls.
There's Cloudflare's Argo tunnel service too, and their gateway thingy, which is like a forms-auth reverse proxy--sort of like ADFS WAP. If you deploy things that need to know their public address though (TURN, Skype4B Edge), a cloud firewall gives you a real IP, low latency and very low price. Netgate has another product, maybe it works for that. All I know is that it routes A LOT, like A really LOT.
Now I forgot what I came here for…
Good luck !
-
@skilledinept "Now I forgot what I came here for…
Good luck !"
thank you for the little brainstorming
I personally don't like PPPoE, it's a tunnel protocol, just think of MTU
and very specifically it does no good, for example, to IPS
-
@netblues said in PFsense Routing Public IP:
The isp is asking the client to drop and reconnect ppp so isp provisioning (most probably radius) can also assign the route for the added network.
Ha, yeah I think you nailed it here! They are just asking to re-establish the ppp session. That seems far more likely.
Comprehension fails all round!
Steve
-
SOLVED
Just a quick thank you for all your contributions but an especial thanks to netblues for this "Well, this is straight and clear. The isp is asking the client to drop and reconnect ppp so isp provisioning (most probably radius) can also assign the route for the added network."
That paragraph really opened my eyes and allowed me to proceed and get the public ip routed to opt1 interface.
Thanks again