Netgate Discussion Forum

    DHCP 5 Fixed IP

    General pfSense Questions
    • G
      geyser
      last edited by

      I just got a new Internet connection, with 5 fixed IP addresses.

      Problem is I have never seen a setup like what the provider is suggesting.

      They issue IPs by DHCP, using your MAC address to ensure you get the same fixed IP every time.

      Sounds OK... but how do you do that with pfSense being connected to their appliance?

      They provide a single RJ45 connection, which I plug into the pfSense WAN port.

      They have provided a single IP address, because I present a single MAC address.

      What they suggested was to plug their RJ45 cable into a switch and then have 5 devices plugged into a switch. That sounds stupid to me.

      Is there some way I can appear to have 5 devices (virtual interface or something?) so the firewall can get five IP addresses?

      • RainMistMeR
        RainMistMe
        last edited by RainMistMe

        Did they say you had to use all 5 for some reason? I think they supply 5 for those that don't have a router but do have multiple devices. Personally I'd just use one for a period of time then spoof a MAC address in pfSense which should cause the next of the 5 to be used, and continue that 3 more times until all 5 were used. Which would, to some extent, increase your security by changing your external WAN IP, thus causing any hacker to have to work a little bit harder.

        It would seem the days of a truly dynamic WAN IP are going by the wayside. Bummer!

        Good Luck!

        • B
          bfeitell
          last edited by bfeitell

          RCN offers this, and my friend has it. What you need is an inexpensive dirty side switch between your pfSense box and the cable modem. You may plug additional devices into the switch and they will each get a routable public IP address. An unmanaged 8 port gigabit switch will do the trick, or even a 10/100 switch if the available bandwidth is below 100Mbps.

          For example, you could keep a commodity Wifi router hooked up and still have net access when you bring down your primary firewall. You could keep a VOIP device connected and retain telephone service while your pfSense box reboots. Right now my friend has a high end Cisco device connected that is part of a lab he and his co-workers are setting up at disparate locations, including a CoLo in another state. Having spare public IPs is an excellent feature.

          • P
            P3R @geyser
            last edited by

            @geyser said in DHCP 5 Fixed IP:

            What they suggested was to plug their RJ45 cable into a switch and then have 5 devices plugged into a switch. That sounds stupid to me.

            It's not stupid if you have additional devices that need direct internet access. Then it's great. If you don't have that need presently, I see no reason to use more than one address.

            I managed to nag enough to get 4 IPs and I'm super happy for them when being able to preconfigure VPN-nodes locally before on-site deployment, when testing equipment and for a primitive firewall redundancy (unfortunately automatic failover isn't supported for DHCP WAN, even when they as here are semi-static).

            • G
              geyser
              last edited by

              Looks like my best option is to set up a pfSense box with multiple ports, plugged into a dirty switch like @bfeitell mentions.

              We need multiple incoming IP addresses for email; different IP addresses are used for different incoming email servers.

              So either a pfSense box with multiple ports, or use multiple pfSense boxes for each public IP address.

              Certainly different than anything I have set up before.

              • B
                bfeitell
                last edited by bfeitell

                You can also set up multiple WAN interfaces on a single pfSense box, but things get a little weird where all the WAN IPs share a common gateway upstream. My friend uses a secondary WAN for web traffic that is port forwarded to a web server on a restricted vlan inside.

                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  Urgh, yeah that's ugly.

                  They have to be DHCP? No way to get static IPs?

                  I have seen similar setups where we used CARP VIPs to get additional MAC addresses but you can't set them to DHCP and the upstream device may reject CARP MACs anyway.

                  Steve

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @geyser
                    last edited by

                    @geyser said in DHCP 5 Fixed IP:

                    with 5 fixed IP addresses.

                    Are they all in the same L3 network? Or do you get them from all over the place? What is the mask on the IP you get?

                    If they are creating reservations for your MACs for the IPs - once they have been given you can just set up these other IPs as VIPs on your 1 interface. pfSense is not going to let you set up another interface getting an IP in the same network as the 1st interface. At least not static - might let you if DHCP? Anything other than a VIP would require a switch.

                    • stephenw10S
                      stephenw10 Netgate Administrator
                      last edited by

                      You could bridge the WAN to an internal interface and have clients there pull IPs directly from your ISP.
                      You can still filter the traffic across the bridge.

                      Steve

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.