Disabling NAT on routers connected to pfSense PPPoE
-
We have a requirement to disable NAT on an Ubiquiti EdgeRouter v1.7.0. I have removed the NAT rules and on the left hand side it says NAT is disabled. This does not give us an internet connection when we set the IP addresses on the servers. The Internet port is PPPoE which is enabled and connected. We need the remaining ports to be Non-NAT. I want to avoid DMZ as well.
We are a new WISP, which use Ubiquiti PTP/PTMP antennas to send internet to offices. It has been suggested to run PPPoE on a pfSense server in our comms room, then authenticate the PPPoE on the clients router. The connecting antennas are all in bridge mode.
In cases where the customer uses external IT companies, they dont want a "double-NAT" setup and I dont want to have to open ports and do router config's every time they make a change to their internal network.
So I want to have the Edgemax router do the PPPoE and traffic shaping, disable NAT and firewall, then give the IT company the external IP, Subnet and Gateway (usually a /29 range).
I want to have this configuration on all of our customers, not just the ones who use other IT companies.
It has been advised to do the following -
the easiest (IMO) solution then is to give them the /29 on their WAN interface, and route it over either an RFC1918 or RFC6598 subnet on your side up to your headend routers (no NAT, as they're using a public address, and the RFC1918 / 6598 addresses are only being used as transit for their publics).
EDIT –> this is assuming of course that you have TWO different subnets.
Subnet 1 -> YOUR SUBNET -- something like a.b.c.d/24
Subnet 2 -> YOUR TRANSIT -- IP between you and your ISP, e.g. 1.2.3.4/30How can I achieve this on pfSense? We have a static IP range on our lease line and a /25 routed range, next hop to the pfSense server.
The link to the Ubiquiti forum thread is here
https://community.ubnt.com/t5/EdgeMAX/Disable-NAT-on-EdgeRouter/m-p/1409807#U1409807