Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to assign public IP of /29 block directly to a connected device in pfSense

    Scheduled Pinned Locked Moved HA/CARP/VIPs
    2 Posts 2 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • l3radyL
      l3rady
      last edited by

      Ultimately what I want to do is connect a second physically separate gateway, and assign its WAN port one of the public IP addresses given by our ISP.

      So I have the following setup currently and is working.

      Fibre leased line from ISP.
      Fibre comes to ISP box
      Ethernet from ISP box plugs into pfSense WAN port
      pfSense WAN port set as static IP assignment IP: xxx.xxx.xxx.99, GW: xxx.xxx.xxx.98/30
      Add one of the public IP addresses as a virtual IP address in pfSense IP: xxx.xxx.xxx.105/29
      Create a new private network and assign it to a spare ethernet port IP: 10.61.1.5/30
      Connect the second gateway wan port to pfSense and assign the wan a static IP: 10.61.1.6
      In pfSense setup 1:1 NAT and outbound NAT to connect all traffic xxx.xxx.xxx.105 <- between-> 10.61.1.6
      Setup firewall rules in pfSense to allow all traffic between WAN xxx.xxx.xxx.105 and LAN 10.61.1.6
      While this works and the new device talks over the public IP address, the actual gateway thinks it's public IP address is 10.61.1.6, not xxx.xxx.xxx.105. This make configuration of VPN serves impossible for me as the device is wrongly thinking its public IP is a private one.

      To clarify, which is my understanding, I might be wrong, the ISP gateway is xxx.xxx.xxx.98 on a /30 network and have given us a /29 block of IPs that are routable through xxx.xxx.xxx.98/30. From my testing the above rules out being able to connect a switch between the ISP box and pfSense WAN and just assign devices those public IPs of the /29 block.

      Is there any way I can configure the WAN port on the secondary device with the public IP address, connect it to pfSense someway and just get pfSense to route it out to xxx.xxx.xxx.98?

      1 Reply Last reply Reply Quote 0
      • S
        SteveITS Galactic Empire
        last edited by

        I'm not quite sure I followed but I think we have a similar setup in our data center.  Our WAN IP is in a /29 along with its gateway (a data center router).  A /25 is routed to our WAN IP.  pfSense's LAN IP is in the /25 (x.x.x.1) so is the gateway for the "LAN's" public IP addresses.

        If you want a second device in the "outside" /29 you need to set it up in parallel with your pfSense not behind it.  A router won't pass "WAN subnet" traffic back through into the LAN since that's not where it is supposed to go.

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.