Bridging part of WAN Subnet
-
After a request for additional IP addresses to my ISP, I was hoping they would provide a transport subnet and an additional routed subnet that I could assign to an Interface. This is not the case and the ISP can only provide a subnet on the WAN and will be presenting a /27 to the WAN which I can assign statically.
I need to use a combination of Bridging and NAT as I want some devices behind the firewall to have Public IP Addresses on a specific interface. I want to continue to use NAT on another interface.
I also want to be able to use limiters on the additional Public IPs.
I have 3 interfaces - WAN / LAN / OPT1. If I assign WAN / OPT1 to a BRIDGE, then assign one public IP to the BRIDGE interface itself I assume any devices on OPT1 can be assigned other IPs in the Public Subnet using the GW of the ISP. I believe I can then use firewall rules and limiters on the BRIDGE interface itself.
Where I am confused, will my existing LAN now NAT to the BRIDGE Interface if this is where the IP is assigned?
WAN Subnet - 1.1.1.1/27
ISP CPE - 1.1.1.2
WAN / OPT1 = BRIDGE
BRIDGE - 1.1.1.3, GW 1.1.1.2
Usable IP on BRIDGE - 1.1.1.4 - 1.1.1.18, GW 1.1.1.2
LAN - 192.168.1.1/24
Outbound NAT - 192.168.0.0/24 to BRIDGE address
IPs - 192.168.1.2 - 192.168.1.254, GW 192.168.1.1
-
Can't you do a 1:1 NAT, with a combination of an extra switch on the WAN port?
https://docs.netgate.com/pfsense/en/latest/nat/1-1.html
-
@nogbadthebad I really wanted to present the public ip to the end device as it will be a router.
I'm going to set this up in my lab and see where it goes.
-
I got this all working in my lab without issue, rolling into production will need planning as WAN will need re-configured and drop my remote connection.