Multi-Static IP configuration using bridged Hitron
-
I quote what he wrote in his first message:
My assigned address block is 62.x.x.176-183. The Hitron router is sat on .177, leaving .178-183 as my usable address space
That's the "LAN" side of his Hitron router and that alone tells me that his ISP is not forwarding the /29 any further and the block is in fact terminated at the Hitron.
Just because you're given a subnet doesn't mean that your ISP is doing the right thing and forwarding the block to your own router, they will more often than not just give you their own router configured exactly as this Hitron here.
-
@kpa:
The piece of information missing here is where is this IP block terminated, in other words what is the target IP address for this /29 block. It looks very much like it's terminated at the ISP router but it's not completely clear. If it was routed to his pfSense he could just use that block on his LAN/OPTx network. If not and his ISP can't/doesn't want to change the arrangement then there is no other option than to use VIPs and NAT.
The OP says:
I've just had installed a Hitron router, currently operating in bridge mode, for my Virgin Media Business connection. My assigned address block is 62.x.x.176-183. The Hitron router is sat on .177, leaving .178-183 as my usable address space.
I suspect the .177 is not the router, but the ISP's gateway address.
-
@kpa:
The piece of information missing here is where is this IP block terminated, in other words what is the target IP address for this /29 block. It looks very much like it's terminated at the ISP router but it's not completely clear. If it was routed to his pfSense he could just use that block on his LAN/OPTx network. If not and his ISP can't/doesn't want to change the arrangement then there is no other option than to use VIPs and NAT.
I'm away from the hardware in question, so this is from memory, but…
The Hitron router uses a GRE tunnel to route traffic from itself to what I believe is the Virgin Media data centre. The target IP address is, I think 62.x.x.176 (at the far end of the tunnel), with the Hitron sat on .177.
.178-182 are my 5 IP address I've been allocated and .183 would be the broadcast address, as mentioned above. I don't know if this gives you any useful info. There's a mini-thread discussing the setup here http://community.virginmedia.com/t5/QuickStart-set-up-and/Configuring-5x-Static-IP-s/td-p/3355880
-
@kpa:
I quote what he wrote in his first message:
My assigned address block is 62.x.x.176-183. The Hitron router is sat on .177, leaving .178-183 as my usable address space
That's the "LAN" side of his Hitron router and that alone tells me that his ISP is not forwarding the /29 any further and the block is in fact terminated at the Hitron.
Just because you're given a subnet doesn't mean that your ISP is doing the right thing and forwarding the block to your own router, they will more often than not just give you their own router configured exactly as this Hitron here.
What the OP could do is check the MAC address for that .177 address. If it doesn't match the sticker on the modem, it's the ISPs router.
-
The target IP address is, I think .62.x.x.176 (at the far end of the tunnel), with the Hitron sat on .177.
What address do they give you for your default route?
-
https://www.virginmediabusiness.co.uk/help-and-advice/products-and-services/hitron-router-guide/dynamic-modem-only-mode-user-guide/
They state that once in modem mode only 1 network port will work at a time.
-
The target IP address is, I think .62.x.x.176 (at the far end of the tunnel), with the Hitron sat on .177.
What address do they give you for your default route?
When setting up a laptop plugged into one of the Hitron LAN ports to test connectivity, they suggested an IP address of 62.x.x.178, a netmask of 255.255.255.248 and a Default GW of 62.x.x.177
-
The target IP address is, I think .62.x.x.176 (at the far end of the tunnel), with the Hitron sat on .177.
What address do they give you for your default route?
When setting up a laptop plugged into one of the Hitron LAN ports to test connectivity, they suggested an IP address of 62.x.x.178, a netmask of 255.255.255.248 and a Default GW of 62.x.x.177
If you do an arp -a from the laptop does the mac address of 62.x.x.177 tie in with anything marked on the Hitron ?
-
https://www.virginmediabusiness.co.uk/help-and-advice/products-and-services/hitron-router-guide/dynamic-modem-only-mode-user-guide/
They state that once in modem mode only 1 network port will work at a time.
I have a Hitron GCN3ACSMR, which is in bridge mode. I can plug a 2nd device into it and get another IPv4 address, as is the norm with my ISP. However, this has nothing to do with the issue, that is how the subnet is provided.
-
When setting up a laptop plugged into one of the Hitron LAN ports to test connectivity, they suggested an IP address of 62.x.x.178, a netmask of 255.255.255.248 and a Default GW of 62.x.x.177
That fits in with them providing a /29 to you. You can use any address between .178 and .183, which means pfSense only had to filter and not route or use NAT.
-
The target IP address is, I think .62.x.x.176 (at the far end of the tunnel), with the Hitron sat on .177.
What address do they give you for your default route?
When setting up a laptop plugged into one of the Hitron LAN ports to test connectivity, they suggested an IP address of 62.x.x.178, a netmask of 255.255.255.248 and a Default GW of 62.x.x.177
If you do an arp -a from the laptop does the mac address of 62.x.x.177 tie in with anything marked on the Hitron ?
Almost! arp -a lists .177 as having 1c-ab-c0-f1-26-b2, the sticker on the hitron lists the MAC address as 1c-ab-c0-f1-26-b0 (note difference in last segment).
-
The Hitron will have two or more network interfaces and the one in the sticker might be the MAC address of the internet facing "WAN" interface.
-
@kpa:
The Hitron will have two or more network interfaces and the one in the sticker might be the MAC address of the internet facing "WAN" interface.
The -b0 MAC address seems to be listed as the HFC (Hybrid fibre-coax) MAC address.
