Netgate Discussion Forum
How to assign public IP of /29 block directly to a connected device in pfSense

HA/CARP/VIPs
  • l3rady
    last edited May 12, 2017, 10:11 AM

    Ultimately what I want to do is connect a second physically separate gateway, and assign its WAN port one of the public IP addresses given by our ISP.

    So I have the following setup currently, and it is working.

    Fibre leased line from ISP.
    Fibre comes to ISP box
    Ethernet from ISP box plugs into pfSense WAN port
    pfSense WAN port set as static IP assignment IP: xxx.xxx.xxx.99, GW: xxx.xxx.xxx.98/30
    Add one of the public IP addresses as a virtual IP address in pfSense IP: xxx.xxx.xxx.105/29
    Create a new private network and assign it to a spare ethernet port IP: 10.61.1.5/30
    Connect the second gateway wan port to pfSense and assign the wan a static IP: 10.61.1.6
    In pfSense set up 1:1 NAT and outbound NAT to connect all traffic xxx.xxx.xxx.105 <-> 10.61.1.6
    Set up firewall rules in pfSense to allow all traffic between WAN xxx.xxx.xxx.105 and LAN 10.61.1.6

    While this works and the new device talks over the public IP address, the actual gateway thinks its public IP address is 10.61.1.6, not xxx.xxx.xxx.105. This makes configuration of VPN servers impossible for me as the device is wrongly thinking its public IP is a private one.

    To clarify (this is my understanding, I might be wrong), the ISP gateway is xxx.xxx.xxx.98 on a /30 network and they have given us a /29 block of IPs that are routable through xxx.xxx.xxx.98/30. From my testing, the above rules out being able to connect a switch between the ISP box and pfSense WAN and just assign devices those public IPs of the /29 block.

    Is there any way I can configure the WAN port on the secondary device with the public IP address, connect it to pfSense some way and just get pfSense to route it out to xxx.xxx.xxx.98?

    • SteveITS (Rebel Alliance)
      last edited May 25, 2017, 7:40 PM

      I'm not quite sure I followed but I think we have a similar setup in our data center.  Our WAN IP is in a /29 along with its gateway (a data center router).  A /25 is routed to our WAN IP.  pfSense's LAN IP is in the /25 (x.x.x.1) so is the gateway for the "LAN's" public IP addresses.

      If you want a second device in the "outside" /29 you need to set it up in parallel with your pfSense not behind it.  A router won't pass "WAN subnet" traffic back through into the LAN since that's not where it is supposed to go.

      Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
      Upvote 👍 helpful posts!
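
The two layouts discussed in this thread (a device beside the firewall in the WAN subnet, or a public block routed to the firewall and carried on an internal interface) come down to an addressing check. The following is an added example, not code from either poster or from pfSense. All addresses are constructed documentation ranges, the function names are hypothetical, and giving the firewall the first usable address of the routed block is an assumption.

```python
import ipaddress

def placement(device_ip, wan_if, routed_block):
    """Where must a device with device_ip be attached?
    wan_if: firewall WAN address with prefix (constructed sample values below).
    routed_block: block the ISP routes to the firewall's WAN address."""
    dev = ipaddress.ip_address(device_ip)
    wan_net = ipaddress.ip_interface(wan_if).network
    routed = ipaddress.ip_network(routed_block)
    for net, verdict in ((wan_net, "parallel"), (routed, "behind")):
        if dev in net:
            edge = (net.network_address, net.broadcast_address)
            return "unusable" if dev in edge else verdict
    return "unrelated"

def routed_plan(routed_block):
    """Addressing for an internal firewall interface that carries the routed
    block, so devices hold public addresses themselves (no 1:1 NAT).
    Assumption: the firewall takes the first usable address."""
    net = ipaddress.ip_network(routed_block)
    hosts = list(net.hosts())
    return {
        "firewall_if": f"{hosts[0]}/{net.prefixlen}",
        "device_gateway": str(hosts[0]),
        "devices": [str(h) for h in hosts[1:]],
    }

if __name__ == "__main__":
    # Constructed sample: WAN link 198.51.100.0/30, routed block 203.0.113.104/29
    wan, block = "198.51.100.2/30", "203.0.113.104/29"
    for ip in ("203.0.113.106", "203.0.113.111", "10.61.1.6"):
        print(ip, "->", placement(ip, wan, block))
    # A WAN subnet with spare addresses (here a /29) allows a parallel device.
    print("198.51.100.3 ->", placement("198.51.100.3", "198.51.100.2/29", block))
    print(routed_plan(block))
```

"parallel" means the address is on-link with the ISP gateway, so the device attaches to the same segment as the firewall's WAN port; "behind" means the address is reachable only through the firewall and belongs on an interface that carries the routed block.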
