Netgate Discussion Forum

    Routing part of a /28

    • newburns

      I have a subnet from ISP that is xx.xx.72.49 - xx.xx.72.61 useable. (xx.xx.72.49/28)

      My ISP Gateway is xx.xx.72.62

      I have a pfSense box on xx.xx.72.49 with Gateway set to xx.xx.72.62.
      Everything works well NAT'ed through the pfSense firewall, of course. That's the standard setup.

      I have a possible client that wants 5 ip addresses.
      My initial thought is that I can create vlan100.
      Pass the 5 IP addresses THROUGH pfSense across vlan100 direct to his machines/switches.

      I have created the vlan100 in pfSense and on the switch.
      What do I do to pass the 5 IP addresses?

      I saw something about VIP, but that looks like passing internal network to external Public IP. I want to pass 5 IPs from the /28 block direct to his switch using vlan100. I only have the two NICs for now.

      Is this possible?

      • Derelict LAYER 8 Netgate

        The real answer is that the ISP should be giving you a /29 for your interface then routing the /28 to an address on that.

        Anything you would do to put a part of that /28 as it is on an inside interface would be an ugly hack. If you want to route a subnet you need a routable subnet.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          • newburns

          Understood. Does that mean I can do 1:1 using virtual IP for each static outside of my pfSense boxes? Then add a static route? So internal address will be what I assign, and the virtual IP will be NAT out.

          This will allow my clients to run their IP through pfSense until I get the proper setup.

          Also, once I get the proper setup from my fiber build out, how will I go about routing to the /28 subnet? The proper one, not this current way.

            • Derelict LAYER 8 Netgate

            You can definitely put an interface on the inside and 1:1 NAT addresses in the /28 to it, but the hosts on the inside will have real addresses in RFC1918 private space and pfSense will have to NAT for them.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
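
The 1:1 NAT arrangement from the last reply, worked through as an added example that is not part of the original thread. It assumes 203.0.113.48/28 (documentation range) as a stand-in for the masked xx.xx.72.x block and 10.100.0.0/24 as the private subnet on vlan100; the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the masked /28 (RFC 5737 documentation range).
WAN_NET = ipaddress.ip_network("203.0.113.48/28")
FIREWALL_IP = ipaddress.ip_address("203.0.113.49")  # pfSense WAN address (.49)
ISP_GATEWAY = ipaddress.ip_address("203.0.113.62")  # ISP gateway (.62)
# Assumed private subnet for the customer VLAN (vlan100); not from the thread.
INSIDE_NET = ipaddress.ip_network("10.100.0.0/24")

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def conflicts_with_wan(candidate, wan_net):
    """True if a proposed inside subnet overlaps the network on the WAN interface.

    Any piece carved out of the /28 overlaps the /28 that is already
    connected on WAN, which is why it cannot simply be routed inside.
    """
    return candidate.overlaps(wan_net)


def one_to_one_plan(wan_net, reserved, inside_net, count):
    """Pair `count` unused public addresses with private hosts for 1:1 NAT."""
    if not any(inside_net.subnet_of(n) for n in RFC1918):
        raise ValueError("inside network must be RFC1918 private space")
    if conflicts_with_wan(inside_net, wan_net):
        raise ValueError("inside network overlaps the WAN network")
    free = [ip for ip in wan_net.hosts() if ip not in reserved]
    if count > len(free):
        raise ValueError(f"only {len(free)} public addresses are free")
    # Skip the first inside host: assumed to be pfSense's vlan100 address.
    inside_hosts = list(inside_net.hosts())[1:count + 1]
    return list(zip(free[:count], inside_hosts))


if __name__ == "__main__":
    carved = ipaddress.ip_network("203.0.113.56/29")
    print(f"{carved} on an inside interface overlaps WAN:",
          conflicts_with_wan(carved, WAN_NET))
    plan = one_to_one_plan(WAN_NET, {FIREWALL_IP, ISP_GATEWAY}, INSIDE_NET, 5)
    for public, private in plan:
        print(f"1:1 NAT  {public}  <->  {private}")
```

Each pair corresponds to one 1:1 NAT entry, with the customer's hosts configured with the private address only.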