Add interface so tenant can use their own router with public IP and speed limit



  • Hi all,

    First post, please be gentle….  I wasn't sure of the terminology so I've had a hard time searching for answers.

    So, I have a pfSense box set up and working with a WAN interface that has a /28 set of public IPs (we use 6 so have a few spare). I have 2 interfaces set up as LANs with DHCP, DNS etc. all working on each (10.20.30.0 & 10.20.40.0).

    We have great broadband and some spare office space so we're going to help another business (6 users) for a few months and let them move into a spare office.

    I want to let them bring their existing network gear (router, small switch & PCs) and set them up so their router can use one of our public IPs and limit their bandwidth (100Mbps).

    On the pfSense box I have 2 unused interfaces. I want to add an interface that they can plug the WAN port of their router into, be able to use a single public IP of our /28 set and set a traffic shaper bandwidth limit on this interface. Their router is a Draytek 2830 and can use a static WAN IP. The rest of the config I want to leave as is, so when they leave it's easy for them.

    I guess it's sort of like being a proxy ISP in a way.

    If anyone can help/point me in the direction of a guide etc., or even just correct my terminology so I can search better. I've been looking for "router behind pfsense", "pfsense as isp" etc.

    Many thanks!!



  • Basically, you'd be bridging WAN to that interface and firewalling everything that doesn't match the static IP you want that tenant to use.


  • LAYER 8 Netgate

    Do it right.

    Tell your ISP to give you a small WAN interface subnet for your WAN interface, say a /29 or /30, and to route the /28 to that instead of putting so many addresses on the interface.

    Then you can do what you want how it should be done without this hacky bridging.

