Multiple public IP multiple routers...



  • Hello,

    I have a dedicated internet connection with 32 IP addresses. I would like to give a router to all clients, so they can each have an IP for themselves. Is it possible to have DHCP routing for public IPs?

    I would like all the clients to have a TP-Link or whatever router they already have. I would like the client to plug in their router and have pfSense give them their public IP address from my pool. I would like to authenticate the client by MAC address. If the MAC address is good, then they can be given a public IP address.

    This looks like a DHCP server with MAC addresses; how would I route that?
    Is pfsense able to do that?


  • LAYER 8 Moderator

    Let's recap:

    You have 32 addresses. So you probably have a /27 network assignment?
    Do you have that network routed to you via a transit network or does the ISP/uplink provider have an IP in that network, too? E.g. did you get that network with "ISP GW is .1, your first IP is .2, last IP is .30" or something alike?

    If your ISP has a GW in the same network your setup won't work (or only with a few downfalls).

    If your ISP assigned you that network AND routed it to you via a transit network other than that /27 - then yes, what you want would be possible. You could simply define some sort of "DMZ" or "Clients" interface, attach a switch, configure DHCP with static address mappings and MAC verification and use your public /27 network as the DHCP range. All clients of yours then tell you their router MAC, you enter it as a static mapping into the DHCP server and hand out the public IPs. With the option to allow only known devices via MAC, only those clients that gave you their MAC can plug it in and get an IP.

    Best wishes



  • Ah, that's why they gave me other routing parameters. Yes, I have 8 or 9 IPs on a different network. I have a fiber connection coming into the building. And the 2 sets of networks work. I've been running it static on switches. I'd rather run it on DHCP.

    But how would I run the second network? Will the address on DHCP show the original public IP per router and have it come back on the second network? I'm trying to understand the process. DHCP serving public IPs via MAC filtering and the WAN is another network?

    Will the routing know this is a different public, and not private? Because the IP address of the 2nd network will show up, I think.


  • LAYER 8 Moderator

    If that /27 network is routed to you via another network (/29 I assume, as that would be an 8 IP net) then you can simply route it and set up an additional interface with that /27 network as you like. If you got .1 - .31 then just configure pfSense's client interface on .1 and set up manual DHCP for .2-.31

    There is no NAT to configure there if you want your clients to have a public IP. As the IP range 1-31 is routed to your WAN IP, there's no NAT on your side to configure (besides NOT doing NAT on the Client interface) and you simply hand out the IPs you want (and add firewall rules). You can configure private networks or other things on a separate network/LAN to your liking.



  • I tried to run it locally first with no DHCP, just 1 static, to see if it works. So I have set up the gateway with the /29 and created another interface, but what do I put for the gateway? Do I put 1 IP address of those 31 IP addresses? And on the router, what would be the default gateway: the IP I create on the LAN side of pfSense, or the gateway of the /29 IP address?

    pfSense
    So on the WAN I put the gateway of the /29

    LAN side, do I put one IP address of the 32 IPs?

    router of the client at home
    I put the IP address; is the gateway the pfSense LAN side IP or the WAN gateway?


  • LAYER 8 Global Moderator

    Let me get this right.. You're providing internet to paying clients? And cannot figure out what IP to set up on pfSense to route a /27 behind it? After JeGr gave you explicit instructions?

    And you don't understand what the gateway would be for clients in this /27?

    How is it you're involved in doing this? Is this some class homework you have or something?

    The gateway of clients in the /27 would be the IP you set on the pfSense interface.. And yes, you can set up the DHCP server in pfSense to only hand out IPs to specific MAC addresses..

    Please tell me this is some sort of class assignment ;)



  • It works fine with a private IP, 192.168.x.x, but when I give the client the public IP that I have, set up on the client LAN side, it shows the /29 gateway as external and not the public IP address that I assigned. It's not a class assignment. I have had the client on a private IP for a few months now. I would like to give them their public IP.


  • LAYER 8 Global Moderator

    @cellhelp said in Multiple public IP multiple routers...:

    It shows the /29 gateway as external

    It what?

    If you want to hand devices behind the public space that is routed to you.. They have to be using it.. pfSense has to have an IP set out of that space on it.. Your DHCP range will change when you change the pfSense IP from RFC 1918 to public on its LAN, etc.


  • LAYER 8 Netgate

    DHCP does not care if addresses are public or private. What matters here is how the upstream provisioned the /27 for you.

    Answer ONE question:

    Is the /27 routed to another interface subnet by the ISP or is the /27 the interface subnet?

    If it is NOT routed to you and you want to use the service to assign addresses to downstream routers, I would call the upstream and tell them you want a ROUTED subnet.

    If it is routed to you then just put it on an inside interface and you're done. If you don't have enough addresses to give each client a /30 or /31, they will all be in the same broadcast domain and you'll have to deal with all the problems putting multiple ISP customers on the same broadcast domain gets you.

    If all of this is jibber-jabber to you, you should probably either seek professional design assistance or get studying, labbing, etc before you try to become an ISP.
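
The two layouts discussed in this thread, worked through as an added example (not code from any poster, and not pfSense configuration): a flat /27 with one static DHCP mapping per known router MAC, and the same block carved into per-customer /30 or /31 links. The block 203.0.113.0/27, the MAC addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def normalize_mac(mac):
    """Return the lower-case, colon-separated form; reject anything else."""
    m = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(m):
        raise ValueError(f"not a MAC address: {mac!r}")
    return m

def flat_plan(block, macs):
    """Shared broadcast domain: firewall on the first host address,
    one fixed address per known MAC from the remaining hosts."""
    hosts = list(ipaddress.ip_network(block).hosts())
    gateway, pool = hosts[0], hosts[1:]
    macs = [normalize_mac(m) for m in macs]
    if len(set(macs)) != len(macs):
        raise ValueError("duplicate MAC in customer list")
    if len(macs) > len(pool):
        raise ValueError(f"{len(macs)} customers, {len(pool)} addresses")
    # The MAC is whatever the client sends, so a mapping pins which address
    # a known router gets; it does not prove who is on the port.
    return {"gateway": gateway, "mappings": dict(zip(macs, pool))}

def p2p_plan(block, prefixlen):
    """Per-customer /30 or /31 links: one broadcast domain per customer."""
    if prefixlen not in (30, 31):
        raise ValueError("prefixlen must be 30 or 31")
    plan = []
    for sub in ipaddress.ip_network(block).subnets(new_prefix=prefixlen):
        addrs = list(sub)
        # A /31 uses both addresses; a /30 loses its first and last.
        gw, client = (addrs[0], addrs[1]) if prefixlen == 31 else (addrs[1], addrs[2])
        plan.append((sub, gw, client))
    return plan

if __name__ == "__main__":
    block = "203.0.113.0/27"  # constructed documentation range
    flat = flat_plan(block, ["AA-BB-CC-00-00-01", "aa:bb:cc:00:00:02"])
    print("flat /27 gateway:", flat["gateway"])
    for mac, ip in flat["mappings"].items():
        print(f"  static mapping {mac} -> {ip}")
    for plen in (30, 31):
        plan = p2p_plan(block, plen)
        print(f"/{plen}: {len(plan)} customers, first link {plan[0]}")
```
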


  • LAYER 8 Global Moderator

    @Derelict said in Multiple public IP multiple routers...:

    If all of this is jibber-jabber to you

    My money is on this statement ;)

