Netgate Discussion Forum

    Bridging part of WAN Subnet

    L2/Switching/VLANs
    • james_h

      After a request for additional IP addresses to my ISP, I was hoping they would provide a transport subnet and an additional routed subnet that I could assign to an Interface. This is not the case and the ISP can only provide a subnet on the WAN and will be presenting a /27 to the WAN which I can assign statically.
      I need to use a combination of Bridging and NAT as I want some devices behind the firewall to have Public IP Addresses on a specific interface. I want to continue to use NAT on another interface.
      I also want to be able to use limiters on the additional Public IPs.
      I have 3 interfaces - WAN / LAN / OPT1. If I assign WAN / OPT1 to a BRIDGE, then assign one public IP to the BRIDGE interface itself I assume any devices on OPT1 can be assigned other IPs in the Public Subnet using the GW of the ISP. I believe I can then use firewall rules and limiters on the BRIDGE interface itself.
      Where I am confused, will my existing LAN now NAT to the BRIDGE Interface if this is where the IP is assigned?

      WAN Subnet - 1.1.1.1/27
      ISP CPE - 1.1.1.2
      WAN / OPT1 = BRIDGE
      BRIDGE - 1.1.1.3, GW 1.1.1.2

      Usable IP on BRIDGE - 1.1.1.4 - 1.1.1.18, GW 1.1.1.2

      LAN - 192.168.1.1/24
      Outbound NAT - 192.168.0.0/24 to BRIDGE address
      IPs - 192.168.1.2 - 192.168.1.254, GW 192.168.1.1

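An added example, not part of any post in this thread: a Python check of the address plan listed in the first post, using only the standard `ipaddress` module. The addresses are the ones given in the post; the dictionary keys and the `check_plan` function are names made up for this illustration.

```python
import ipaddress

# Addresses copied from the first post; the key names are constructed for this example.
PLAN = {
    "wan_subnet": "1.1.1.1/27",
    "isp_gateway": "1.1.1.2",
    "bridge_ip": "1.1.1.3",
    "opt1_range": ("1.1.1.4", "1.1.1.18"),
    "lan_interface": "192.168.1.1/24",
    "outbound_nat_source": "192.168.0.0/24",
}

def check_plan(plan):
    """Return the derived WAN network facts and a list of inconsistencies."""
    findings = []
    wan = ipaddress.ip_interface(plan["wan_subnet"]).network
    hosts = list(wan.hosts())  # excludes network and broadcast addresses
    gw = ipaddress.ip_address(plan["isp_gateway"])
    bridge = ipaddress.ip_address(plan["bridge_ip"])
    first, last = (ipaddress.ip_address(a) for a in plan["opt1_range"])

    # Every statically assigned public address must be a usable host of the /27.
    for name, addr in (("isp_gateway", gw), ("bridge_ip", bridge),
                       ("opt1 range start", first), ("opt1 range end", last)):
        if addr not in hosts:
            findings.append(f"{name} {addr} is not a usable host in {wan}")

    # Bridged OPT1 hosts share the WAN segment, so their range must not
    # include the ISP gateway or the firewall's own bridge address.
    for name, addr in (("isp_gateway", gw), ("bridge_ip", bridge)):
        if first <= addr <= last:
            findings.append(f"opt1 range overlaps {name} {addr}")

    # The outbound NAT source has to contain the LAN network to match its traffic.
    lan = ipaddress.ip_interface(plan["lan_interface"]).network
    nat_src = ipaddress.ip_network(plan["outbound_nat_source"])
    if not lan.subnet_of(nat_src):
        findings.append(f"outbound NAT source {nat_src} does not cover LAN {lan}")

    return {
        "network": str(wan),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "unassigned_after_range": sum(1 for h in hosts if h > last),
        "findings": findings,
    }

if __name__ == "__main__":
    for key, value in check_plan(PLAN).items():
        print(key, value)
```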
      • NogBadTheBad @james_h

        @james_h

        Can't you do a 1:1 NAT, with a combination of an extra switch on the WAN port?

        https://docs.netgate.com/pfsense/en/latest/nat/1-1.html

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • james_h @NogBadTheBad

          @nogbadthebad I really wanted to present the public ip to the end device as it will be a router.

          I'm going to set this up in my lab and see where it goes.

          • james_h

            I got this all working in my lab without issue; rolling into production will need planning, as WAN will need to be re-configured and that will drop my remote connection.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.