PPPoe WAN with additional IPs

rpsmith

My ISP assigns me a static IP via PPPoE. I asked for 4 additional Static IPs and they gave me a /30 subnet and said it would be routed out the WAN.

So I have tried every combination of "virtual ip" and "proxy arp" that I could think of but no luck so far.

I'm assuming when I get it configured correctly I should be able to ping the additional addresses just as I can now ping my primary IP.

Any help would be gratefully appreciated!

Regards, Roy..

rpsmith

Further testing shows that a ping packet to one of the additional WAN addresses comes in the Primary WAN IP and gets set right back out to the gateway and the gateway sends it right back so it keeps this up until the TTL times out. All this is without any Virtual IP entries as it seems to make no difference if I have something there or not.

Roy...

rpsmith

Well I think I may have figured it out but the company involved is 850 miles away so I won't know for sure until Monday when I can talk to someone.

Here's what I think at this point. The ISP is forwarding those 4 extra IPs to my primary WAN IP so no Virtual IPs are required. For what I want to do with those extra addresses, a 1:1 NAT rule is required for each one, that points to a specific PC on the LAN. If it works like I think it will, those PCs will use one of those 4 addresses as a source address when the access websites on the Internet.

So if I missed something here please let me know. Will post back Monday with an update.

Roy...

netblues

@rpsmith This is a classic isp setup.
The /30 is the wan link. You get two usable ip's one is for your interface and the other is the remote gateway.
It could be static, or most often , be assigned to you via ppp negotiation.

Now, the new static ip's are routed by the isp as being behind your wan ip. If they are a subnet (ie a /29) then you could assign it to another interface, and have 6 usable.
Its better to make them virtual ip's and do a 1:1 to the real host.

rpsmith

@netblues - Well it appears that they are all usable from what I can tell. Will confirm that on Monday. Also, I tried every virtual ip setting I could come up with to no avail. It's possible I missed a step or two.

Thanks for your input. Roy...

stephenw10

It sounds more like they are routing the /30 to you via the existing WAN IP. So you would use those IPs directly. You can use that as a subnet on an internal interface and configure it to be routed only (no outbound NAT), which is what would usually be done here, but with a /30 that would only give you 2 usable IPs and one would be the pfSense interface IP.

What exactly have you tried? I would expect to be able to use those IPs as IPAliases.
Maybe try adding one as an IPAlias on localhost and then pinging out from it.

Steve

JKnott

@stephenw10 said in PPPoe WAN with additional IPs:

but with a /30 that would only give you 2 usable IPs and one would be the pfSense interface IP.

And the other would be the ISP's router. To have at least 4 usable addresses, you'd need a /29.

stephenw10

If you use it as a subnet on the firewall the other would be some internal host you have.

You should still be able to use all 4 if they are used an VIPs though.

Steve

rpsmith

Well the /30 turns out to be 4 additional WAN IPs that they are routing to me via my primary WAN IP and not an actual subnet; so no Virtual IPs are required. All I needed to do was to setup a 1:1 NAT for the two PC involved and now they use their respective public IP when sending traffic out to the Internet.

BTW, the ISP I'm dealing with is is Nex-Tech in Kansas.

Thank you all for your help!

Roy...

stephenw10

Nice. You would still need VIPs for those IPs to use them in some parts of the gui. Places wher you select an external IP from a dropdown menu. That's what the VIP type 'other' is for but you could also use IPAliases.

Steve

rpsmith

@stephenw10 - Thanks Steve! I've added those 4 addresses as "other" and I'm sure that will come in handy later on when I need to use those addresses for other purposes.

Right now I'm using them only to temporarily solve a strange problem I'm having with two websites not responding to two of my users unless their from address is a different address then my primary one.

My ISP is trying to run down this problem but for now this 1:1 NAT workaround is getting the job done.

Roy...