Routing part of a /28
-
I have a subnet from ISP that is xx.xx.72.49 - xx.xx.72.61 useable. (xx.xx.72.49/28)
My ISP Gateway is xx.xx.72.62
I have a pfSense box on xx.xx.72.49 with Gateway set to xx.xx.72.62.
Everything works well NAT'ed through the pfSense firewall, of course. That's the standard setup.
I have a possible client that wants 5 IP addresses.
My initial thought is that I can create vlan100.
Pass the 5 IP addresses THROUGH pfSense across vlan100 direct to his machines/switches.
I have created the vlan100 in pfSense and on the switch.
What do I do to pass the 5 IP addresses?
I saw something about VIP, but that looks like passing internal network to external Public IP. I want to pass 5 IPs from the /28 block direct to his switch using vlan100. I only have the two NICs for now.
Is this possible?
-
The real answer is that the ISP should be giving you a /29 for your interface then routing the /28 to an address on that.
Anything you would do to put a part of that /28 as it is on an inside interface would be an ugly hack. If you want to route a subnet you need a routable subnet.
-
Understood. Does that mean I can do 1:1 using virtual IP for each static outside of my pfSense boxes? Then add a static route? So internal address will be what I assign, and the virtual IP will be NAT out.
This will allow my clients to run their IP through pfSense until I get the proper setup.
Also, once I get the proper setup from my fiber build out, how will I go about routing to the /28 subnet? The proper one, not this current way.
-
You can definitely put an interface on the inside and 1:1 NAT addresses in the /28 to it but the hosts on the inside will have real addresses in RFC1918 private space and pfSense will have to NAT for them.
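
An added example, not part of the thread: a planning check for the 1:1 NAT approach described above. It shows why a slice of the /28 cannot sit on an inside interface (it overlaps the WAN's connected network) and builds a validated public-to-private mapping for five addresses. The 203.0.113.48/28 block stands in for the masked xx.xx.72.48/28, and the 10.100.0.0/24 vlan100 subnet and the function names are assumptions.

```python
import ipaddress

# Constructed stand-ins for the thread's masked addresses (documentation range).
WAN_NET = ipaddress.ip_network("203.0.113.48/28")
ISP_GATEWAY = ipaddress.ip_address("203.0.113.62")
PFSENSE_WAN = ipaddress.ip_address("203.0.113.49")
# Hypothetical RFC1918 subnet assigned to the client's vlan100 interface.
CLIENT_NET = ipaddress.ip_network("10.100.0.0/24")


def carve_conflicts(candidate):
    """True if `candidate` on an inside interface would overlap the WAN's
    connected network, which is the case the thread calls an ugly hack."""
    return ipaddress.ip_network(candidate).overlaps(WAN_NET)


def plan_one_to_one(public_ips, first_internal_host=10):
    """Return {public: internal} for 1:1 NAT, rejecting unusable addresses."""
    reserved = {WAN_NET.network_address, WAN_NET.broadcast_address,
                ISP_GATEWAY, PFSENSE_WAN}
    plan = {}
    for offset, text in enumerate(public_ips):
        pub = ipaddress.ip_address(text)
        if pub not in WAN_NET:
            raise ValueError(f"{pub} is outside {WAN_NET}")
        if pub in reserved:
            raise ValueError(f"{pub} is reserved or already in use")
        if str(pub) in plan:
            raise ValueError(f"{pub} listed twice")
        internal = CLIENT_NET.network_address + first_internal_host + offset
        if internal not in CLIENT_NET or internal == CLIENT_NET.broadcast_address:
            raise ValueError(f"{CLIENT_NET} has no room for {pub}")
        if not internal.is_private:
            raise ValueError(f"{internal} is not RFC1918 space")
        plan[str(pub)] = str(internal)
    return plan


if __name__ == "__main__":
    # A /29 cut from the WAN /28 collides with the WAN interface's own subnet.
    print("carved /29 conflicts:", carve_conflicts("203.0.113.56/29"))
    wanted = [f"203.0.113.{n}" for n in range(50, 55)]
    for pub, internal in plan_one_to_one(wanted).items():
        print(f"1:1 NAT  {pub}  <->  {internal}")
```

Each printed pair corresponds to one virtual IP on WAN plus one 1:1 NAT entry pointing at the client's internal host.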