I had this same issue and what worked for me is creating a floating rule on the downstream PfSense to allow WAN to LAN connections. YMMW.

https://www.netgate.com/docs/pfsense/virtualization/virtio-driver-support.html

That'll do it! 😉

2.3.2... I just don't get this.. Why would you not be on at least 2.3.5p2? 2.3.2 is no longer supported.. And to be honest the 2.3.x line is EOL here soon.. Like tmrw ;)

https://www.netgate.com/blog/pfsense-release-2-3-x-eol-reminder.html

Yes. Just like you would with an rfc1918 network.

If they routed 1.1.1.0/25 to you:

Interface: 1.1.1.1 /25
Usable: 1.1.1.2 - 1.1.1.126
They'd set 1.1.1.1 as the gateway.
Or you could configure DHCP to hand out the addresses if you wanted.
You could also just use a /26, /27, /28, /29, /30, /31 on the inside interface and use the rest of the space for other purposes.

@rico I had a similar issue. Thanks for your advice!!

@grimm-spector Exactly, it will work just fine :)