Routing through /30



  • Hello, one of my pfSense routers has the packet filter disabled, and one of my ISPs gave me a /24 routed through a /30... I have one of the /30 IPs assigned to WAN and x.x.x.1 from the /24 assigned to LAN... Everything is working fine... Now I need to do a similar thing, but this time I have to give some of these IPs to a third party...
    Can I use 10.x.x.x or 192.168.x.x as the transport /30? And how can I do this?

    Thank you.


  • LAYER 8 Global Moderator

    So the /30 is the transit and the /24 is routed to you.. Sure you can do whatever you want with that /24 downstream.. You can carve it up and route it downstream, hand it direct off your pfsense if you wanted with different subnet.

    Or sure you could use rfc1918 as your downstream transit.. I really wouldn't recommend it. Carve up a subnet out of the /24 to use for transit network(s) to downstream.. to where your clients are that want a piece of the /24 you have.

    How much are you wanting to carve up to hand to downstream?



  • How do I do downstream routing? If I split a /30 off my /24 and another, let's say, /28, I can make an interface with one of the /30 IPs, but where do I set that the /28 should go through that /30?


  • LAYER 8 Global Moderator

    So you want a downstream /28

    Ok, let's say you have 1.2.3.0/24

    So let's break that up so you can get a /28 downstream..

    So
    first split is
    1.2.3.0/25
    1.2.3.128/25

    So now we break up the first /25
    1.2.3.0/26
    1.2.3.64/26

    Then let's break it up again
    1.2.3.0/27
    1.2.3.32/27

    Then again
    1.2.3.0/28
    1.2.3.16/28

    So let's say you want to give 1.2.3.16/28 to your customer... Then you can break up that first /28 into multiple /30

    So you have
    1.2.3.0/29
    1.2.3.8/29

    So then you have first /30 would be

    1.2.3.0/30
    so you have 1.2.3.1 and 1.2.3.2 to use

    So you create a route to 1.2.3.2 to get to 1.2.3.16/28

    Really trying to figure out how you are involved in such a project without knowing how to subnet out space?

    As to where you make it go - what device are you putting the .2 on - where is the customer device, ie the downstream router... You're not trying to do this over the internet are you?
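
As an added example (not part of the thread or of any poster's reply), the split walked through in the post above can be reproduced and checked with Python's ipaddress module. The function names are made up for this sketch, and 1.2.3.0/24 is the placeholder block the post itself uses.

```python
import ipaddress
from itertools import combinations


def plan_downstream(block, customer_prefix):
    """Halve `block` as in the post: keep descending into the lower half, give
    the last upper half to the customer, use the first /30 of what is left."""
    lower = ipaddress.ip_network(block)
    if not lower.prefixlen < customer_prefix <= 29:
        raise ValueError("customer prefix must fit inside the block and leave room for a /30")
    spare = []
    while lower.prefixlen < customer_prefix:
        lower, upper = lower.subnets(prefixlen_diff=1)
        spare.append(upper)
    customer = spare.pop()                        # 1.2.3.16/28 in the post
    transit = next(lower.subnets(new_prefix=30))  # 1.2.3.0/30 in the post
    local_ip, gateway_ip = transit.hosts()        # .1 on your router, .2 downstream
    return {
        "customer": customer,
        "transit": transit,
        "local_ip": local_ip,
        "gateway_ip": gateway_ip,
        "spare_halves": spare,                    # upper halves never split further
    }


def check_plan(block, networks):
    """List allocations that fall outside `block` or overlap one another."""
    block = ipaddress.ip_network(block)
    nets = [ipaddress.ip_network(n) for n in networks]
    problems = [f"{n} is outside {block}" for n in nets if not n.subnet_of(block)]
    problems += [f"{a} overlaps {b}" for a, b in combinations(nets, 2) if a.overlaps(b)]
    return problems


if __name__ == "__main__":
    plan = plan_downstream("1.2.3.0/24", 28)      # placeholder block from the post
    print(f"transit {plan['transit']}: {plan['local_ip']} here, {plan['gateway_ip']} downstream")
    print(f"static route: {plan['customer']} via gateway {plan['gateway_ip']}")
    print("still whole:", ", ".join(map(str, plan["spare_halves"])))
    print(check_plan("1.2.3.0/24", [plan["transit"], plan["customer"]]) or "no conflicts")
```

Running check_plan over every allocation before entering gateways and routes catches a transit /30 that overlaps a customer block, or a range that is not part of the routed /24 at all.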



  • @johnpoz I think you misunderstand me... Where am I asking how to break up a /24? That /28 was just an example... What I am asking is just where I should go (which menu) to create that route. You can read my previous post again :) I have my own LAN in my neighborhood, so yes, I am not trying to do this over the internet :)


  • LAYER 8 Global Moderator

    the tab that says Routing ;)

    And you have to create the gateway first. Then the routes.

    You only need to do that if the networks are not going to be directly attached to pfsense. If you hang a /28 off a different interface of pfsense there is no need for routing.



  • Thank you very much for answers :) I will make a test setup and then try on top of it...



  • I did it ^^ :) All working ok...
    I tried to do it from a machine with Packet Filter and NAT enabled... I created a new VLAN and assigned an interface (OPT4 in my case) to it, then I assigned an IP from a randomly chosen /30 (10.11.10.1) to it and created a firewall rule on OPT4 to pass traffic... Then I created a gateway and set IP 10.11.10.2 in it... In the outbound NAT tab 10.11.10.0/30 appeared automatically... I made a static route for 10.1.1.0/24 and as gateway I set the one I created before... After that I created a rule in the firewall on OPT4 to pass traffic from 10.1.1.0/24... I went to the switch and set the VLAN... On another machine, which is only a router with PF disabled, I assigned 10.11.10.2 to WAN and 10.1.1.1 to LAN...
    Now for testing purposes I set 10.1.1.10 on my PC with 10.1.1.1 as gateway, and I have internet and I can write this post through this setup :)

    Merry Christmas 👍


  • LAYER 8 Global Moderator

    Thought you wanted to route a public downstream.. Why would you want/need to nat your transit IPs?

    At a loss to what any of that rfc1918 stuff has to do with routing your public?



  • I wanted to learn how to do it with pfSense :) So I assembled a test setup... Now that I have completed this step I have no problem routing public IPs the same way :) I was just missing chunks of how it should be done, but now I am happy :)
    You mentioned static routing (which I had never used before) and gateways, and they do the trick... Thank you :)