Netgate Discussion Forum
    Best practice with multiple subnets on WAN

    Routing and Multi WAN
    4 Posts 4 Posters 718 Views
    • JeGr (LAYER 8 Moderator)

      Hi,

      A customer installation got additional IP ranges (/28s and a /29) for their setup. Problem is, the ISP won't route them to the already existing /29 subnet, but configured each of them with its first IP as the gateway address. As WAN and default GW are now on the first /29, how can we best catch those additional subnets/IPs and route them back via their own gateway?

      Thanks,
      Jens

      Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

      If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

      • Derelict (LAYER 8 Netgate)

        Get a new ISP. They're the ones who need to take a look at whatever "best practices" are in play here.

        You are asking for ugly, hacky workarounds, not best practice (which would be the new subnet routed to an existing address on the /29).

        You might be able to get away with Proxy ARP VIPs on WAN as long as the existing gateway IP address will accept traffic sourced from those addresses. I can't think of anything that will work other than another physical interface on the same layer 2 to them set up as multi-wan if the current gateway will not accept the traffic. Maybe someone else knows.

        You might even be able to create an inside interface using the /28 and, coupled with the Proxy ARP VIPs, it might work there.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • johnpoz (LAYER 8 Global Moderator)

          So let me get this right...

          So you had a /29, let's call it

          1.2.3.0/29

          where 1.2.3.1, let's say, is the ISP and your gateway, and you have the rest of the /29 to use.

          They then added a non-adjacent /28 and another /29... but instead of routing them to your, say, 1.2.3.2/29 address, they just created these layer 3 networks on the same layer 2 your 1.2.3.0/29 is on??

          Yeah, with Derelict here - get a new ISP ;) That is not how you would do it as best practice; that is not how it should ever be done. If they cannot just increase your first /29 with adjacent space and give you, say, a /27 to give you the IPs you wanted, then they should route your new networks to your existing network. So then you can do whatever you want with them.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • viragomann

            I have the same situation on a pfSense: two /29s and one /28, non-adjacent and not routed. Each subnet has its own gateway.
            Each unique usable address of the ranges is added as a VIP to the WAN interface, there is only one upstream gateway set in pfSense, and any response is routed to it.

            Why do you want to route packets back to the proper subnet gateway while they are also accepted by the first GW?

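As an added illustration (not code from any poster or from pfSense itself), this shows the VIP inventory viragomann describes and the per-subnet reply routing JeGr asked about, using the thread's 1.2.3.0/29 placeholder; the two extra blocks, their gateway addresses and the `$wan` macro are assumptions.

```python
import ipaddress

# Constructed example blocks: the thread's 1.2.3.0/29 placeholder plus two
# assumed non-adjacent blocks. The ISP uses the first host of each as gateway.
BLOCKS = {
    "1.2.3.0/29": "1.2.3.1",
    "1.2.3.64/28": "1.2.3.65",   # assumed additional /28
    "1.2.3.96/29": "1.2.3.97",   # assumed additional /29
}


def usable_vips(network: str, gateway: str) -> list[str]:
    """Return every host address in the block except the ISP gateway.

    These are the addresses to add as Proxy ARP (or IP alias) VIPs on WAN so
    the firewall answers ARP for them on the shared layer 2 segment.
    """
    net = ipaddress.ip_network(network, strict=True)
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        raise ValueError(f"gateway {gw} is not inside {net}")
    return [str(h) for h in net.hosts() if h != gw]


def vip_plan(blocks: dict[str, str]) -> dict[str, list[str]]:
    """Map each block to the VIP addresses it contributes."""
    return {net: usable_vips(net, gw) for net, gw in blocks.items()}


def reply_to_rules(blocks: dict[str, str], wan: str = "$wan") -> list[str]:
    """Build pf rules that hand replies back to each block's own gateway.

    pfSense generates this when a WAN rule has a per-subnet gateway selected;
    the raw pf 'reply-to' form is shown so the intent is explicit. One rule
    per VIP; a pf table per block would be tidier in a real ruleset.
    """
    rules = []
    for network, gateway in blocks.items():
        for vip in usable_vips(network, gateway):
            rules.append(
                f"pass in quick on {wan} reply-to ({wan} {gateway}) "
                f"inet from any to {vip}"
            )
    return rules


if __name__ == "__main__":
    for net, vips in vip_plan(BLOCKS).items():
        print(f"{net}: {len(vips)} VIPs, {vips[0]} .. {vips[-1]}")
    print("\n".join(reply_to_rules(BLOCKS)))
```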