Tricking a WAN Only Router

abuttino

I have pfSense and ordered a Ubiquity AmpliFi HD Mesh system. Trying to get this all straight before it comes on Monday.

I have been reading all day and think this is the proper forum to ask this question in.

The AmpliFi has some features that aren't available in bridge mode and I really want to get around that.

There has been a discussion on the forums at Ubiquity to disable the DHCP server by having 1 IP in the pool and then reserving that inside the software (some people have said that is a bad idea so, I will pick a MAC from another wired server in my network that is always going to be on a static)

But, it's another main concern that I can't have the WAN and the LAN on the same subnet.

My plan is:
Physical:Modem --> pfSense --> Managed Switch --> AmpliFi

IP Layout: Business Static IP --> 10.0.0.1 --> Windows Server DHCP (10.0.0.100-10.0.0.200)

I would like to have all the computers accessible by the WiFi Mesh Network

On to the AmpliFi and VIP:
I was thinking and hoping I could use a VIP like 192.168.1.1 for the gateway and make the AmpliFi 192.168.1.2 and use 1.1.1.1 for a DNS to satisfy the WAN requirements to "separate the network".

On the LAN side of the AmpliFi config, I will use 10.0.0.240 as the router address and 241 for the only reservation. That way it won't block traffic for my internal network.

My Windows Server DHCP will continue as is and keep doling IP addresses out to use my internal DNS and pfSense as the router.

If this is possible, I would like to know, and the proper rules and NAT rules I would need.

If this isn't the right forum, please mods, move to the right one.

Thanks in advance for all your answers. I really hope this is possible!