Set up a WAN IP for each physical interface
-
I have a /29 block of static IPs assigned by my ISP and I'm trying to set up a public WAN IP for each of multiple physical interfaces. How do you do something like this?
-
@cashew That's odd. Why do you need multiple interfaces on the same subnet?
-
Is the /29 routed "behind" some other WAN IP, or is it a local subnet, meaning you need 1 IP for the network, one for pf, one for the AT&T gateway and one for broadcast, leaving you with 4 usable IPs?
If it is not routed, then your only option is to assign them as virtual IPs and do a 1:1 NAT to the required hosts.
-
-
If they are actually routing that to you, you can either put one /29 interface, two /30 interfaces, or four /31 interfaces on the inside of pfSense. Or one /30 and two /31. Each pfSense interface will use one of the 8 addresses.
-
-
@cashew I just told you what you need to do. First step is to determine if they are actually routing them to you.
-
@Derelict So how do you determine that? On their Gateway combo thing you needed to manually configure the static IPs on the WAN link. So my understanding is that your connection to them had your "street IP", the 103.22.30.0, and your public IP block, in my case the 34.33.48.20/29.
-
I would packet capture on the WAN and ping one of the unused /29 addresses from outside and see if the upstream device ARPs for the address (NOT routed) or just sends the traffic to the MAC address of your WAN (routed).
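The check described in the post above, as an added example that is not part of the original thread: it reads `tcpdump -e -n` text output from the WAN and reports, per probed address, whether the upstream device ARPed for it or forwarded the ping straight to the WAN MAC. The MAC addresses, the 198.51.100.40/29 block and the capture lines are constructed sample values.

```python
import ipaddress
import re

IP = r"\d+\.\d+\.\d+\.\d+"
MAC = r"[0-9a-f:]{17}"
# tcpdump -e -n: "<ts> <src mac> > <dst mac>, ethertype ARP ...: Request who-has X tell Y"
ARP_RE = re.compile(rf"^\S+ (?P<src>{MAC}) > \S+ ethertype ARP .*?"
                    rf"Request who-has (?P<target>{IP}) tell {IP}")
# tcpdump -e -n: "<ts> <src mac> > <dst mac>, ethertype IPv4 ...: A > B: ICMP echo request"
ICMP_RE = re.compile(rf"^\S+ {MAC} > (?P<dst>{MAC}), ethertype IPv4 .*?: "
                     rf"{IP} > (?P<dip>{IP}): ICMP echo request")

NOT_ROUTED = "not routed (upstream ARPs for it)"
ROUTED = "routed (sent to WAN MAC without ARP)"

def classify(lines, block, wan_mac):
    """Map each probed address inside `block` to NOT_ROUTED or ROUTED."""
    net = ipaddress.ip_network(block)
    verdict = {}
    for line in lines:
        m = ARP_RE.match(line)
        # An ARP request from another device for a block address means the
        # upstream side treats the block as on-link. This overrides ROUTED.
        if m and ipaddress.ip_address(m["target"]) in net and m["src"] != wan_mac:
            verdict[m["target"]] = NOT_ROUTED
            continue
        m = ICMP_RE.match(line)
        # A ping delivered directly to the WAN MAC, with no ARP seen for the
        # target, means the upstream device has a route via the WAN address.
        if m and ipaddress.ip_address(m["dip"]) in net and m["dst"] == wan_mac:
            verdict.setdefault(m["dip"], ROUTED)
    return verdict

# Constructed sample data (documentation ranges, locally administered MACs).
WAN_MAC = "02:00:00:00:00:02"
BLOCK = "198.51.100.40/29"
CAPTURE_ROUTED = [
    "12:00:01.000000 02:00:00:00:00:01 > 02:00:00:00:00:02, ethertype IPv4 "
    "(0x0800), length 98: 203.0.113.9 > 198.51.100.42: ICMP echo request, "
    "id 7, seq 1, length 64",
]
CAPTURE_ON_LINK = [
    "12:00:01.000000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP "
    "(0x0806), length 60: Request who-has 198.51.100.43 tell 198.51.100.46, "
    "length 46",
]

if __name__ == "__main__":
    for name, cap in (("routed", CAPTURE_ROUTED), ("on-link", CAPTURE_ON_LINK)):
        print(name, classify(cap, BLOCK, WAN_MAC))
```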
-
@Derelict I figured out that on AT&T's side it's just configured to send anything that goes to my static IP block to my "street IP", 34.33.48.20/29 -> 103.22.30.0 basically, and the 103.22.30.0 is routed via DHCP.
-
34.33.48.20/29 is not a valid /29 CIDR block. .16 or .24 would be.
-
@Derelict That's an example IP; mine is 99.xxx.254.40/29
-
Can only operate on the information given.
First step:
Firewall > NAT, Outbound: Switch to Hybrid mode. Create a DO NOT NAT rule on WAN for source 99.xxx.254.40/29.
Create a new inside interface. Number it 99.xxx.254.41 /29.
Put hosts on that interface on 99.xxx.254.42 - .46 /29, gateway 99.xxx.254.41.
Make firewall rules on the interface to pass the desired outbound traffic.