Our ISP asking strange configuration for WAN Connection



  • Hello,

    Our new ISP asked us to configure our Router like this (It's PFsense in this case). They've sent IP Configuration like below.

    Network 10.59.126.136/30
    Available IP 10.59.126.138
    Subnet Mask: 255.255.255.252
    Gateway: 10.59.126.137
    Public Network: 176.XX.XX.120/30

    I've set PfSense WAN Interface IP Like below.
    IPv4 Address : 10.59.126.138/30
    IPv4 Upstream Gateway: 10.59.126.137

    They told me I need to create a loopback interface and give Public IP to it and create NAT and route from LAN interface to Loopback Interface.

    I've changed existing loopback interface IP adress with this command at shell.

    ifconfig lo0 inet 176.XX.XX.121 netmask 255.255.255.252

    I've couldn't figure out how I can solve this. I've tried creating Virtual IP, 1:1 NAT, Outbound NAT, static route but none of them worked. I would appreciate if someone help me with some advice.

    I can ping 176.XX.XX.121 and 10.59.126.137 with success. But I can't ping to google dns.



  • @ercan412

    That is bizarre. I would expect there would also be 176.xx.xx.122 at the ISPs end, which you'd have to route to via that gateway. What kind of connection do you have?



  • @JKnott said in Our ISP asking strange configuration for WAN Connection:

    That is bizarre. I would expect there would also be 176.xx.xx.122 at the ISPs end, which you'd have to route to via that gateway. What kind of connection do you have?

    We have Radiolink connection, ISP installed a switch to our rack and told us to use port 1 or 2 to this connection. I've asked themto which technology I have to use for this connection but I can't get a proper reply.



  • seems fairly common to me.
    10.59.126.136/30 is the transit network
    176.xx.xx.120/30 is your assigned subnet.

    you either use vip's & nat them; or you assign them to client devices on a seperate interface; or you can probably use the for a reverse proxy.

    or you don't use them at all

    https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html



  • @heper

    It looks like he has 2 transit networks, one on 10. and one on 176..



  • @heper said in Our ISP asking strange configuration for WAN Connection:

    seems fairly common to me.

    I like to know is there is a configuration example for this type of connection. Does PfSense can handle this? I've checked the link, we're using opt1 interface for secondary ISP.



  • The link provided has an example.
    Pfsense can handle this just fine.

    Perhaps you should explain what the problem is exactly. Also what do you want to do with your assigned public ipv4 subnet.

    Once that is clear, someone will probably ask for relevant screenshots of your current configuration.


  • Netgate Administrator

    If the 176 subnet were, say, a /27 this would not seem unusual. The only odd thing here is that they appear to have given you a /30 routed subnet. Did you pay for some number of public IPs?

    You should still be able to connect from the transit subnet IP unless they are explicitly blocking that, which would be unusual.

    You should be able to connect from any IP in the 176/30 as a VIP on WAN.

    Steve



  • @ercan412 said in Our ISP asking strange configuration for WAN Connection:

    10.59.126.138

    I've configured like following screenshots. I can't get access to internet right now.

    https://ibb.co/mb8FGjS
    https://ibb.co/qJnxdsz
    https://ibb.co/pQ1339d



  • @stephenw10 said in Our ISP asking strange configuration for WAN Connection:

    If the 176 subnet were, say, a /27 this would not seem unusual. The only odd thing here is that they appear to have given you a /30 routed subnet. Did you pay for some number of public IPs?

    You should still be able to connect from the transit subnet IP unless they are explicitly blocking that, which would be unusual.

    You should be able to connect from any IP in the 176/30 as a VIP on WAN.

    Steve

    I have one static IP. I've tried 176.xx.xx.121/30 as directly WAN interface IP but it doesn't ping the posible gateway(176.xx.xx.122). Also internet doesn't worked.



  • @heper said in Our ISP asking strange configuration for WAN Connection:

    The link provided has an example.
    Pfsense can handle this just fine.

    Perhaps you should explain what the problem is exactly. Also what do you want to do with your assigned public ipv4 subnet.

    Once that is clear, someone will probably ask for relevant screenshots of your current configuration.

    Yeah I've checked that example, thanks for the link. But It based on opt1 interface wasn't used scenario. In my setup unfortunately I'm using that interface for secondary WAN Link. I just want to connect Internet with new Radiolink ISP Setup.


  • Netgate Administrator

    The radiolink gateway shows as up I assume? (it responds to ping?)

    When you ran that traceroute did you select 176.x.x.12x as the source?
    If so it seems more like the provider has a routing issue.

    Steve



  • @stephenw10 Radiolink gateway answers the ping

    ping 10.59.126.138
    
    Pinging 10.59.126.138 with 32 bytes of data:
    Reply from 10.59.126.138: bytes=32 time=35ms TTL=64
    Reply from 10.59.126.138: bytes=32 time=42ms TTL=64
    Reply from 10.59.126.138: bytes=32 time=96ms TTL=64
    Reply from 10.59.126.138: bytes=32 time=36ms TTL=64
    
    Ping statistics for 10.59.126.138:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 35ms, Maximum = 96ms, Average = 52ms
    

    I can ping google dns from 176.xx.xx.121

    Results
    PING 8.8.8.8 (8.8.8.8) from 176.XX.XX.121: 56 data bytes
    64 bytes from 8.8.8.8: icmp_seq=0 ttl=59 time=19.902 ms
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=19.464 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=19.441 ms
    
    --- 8.8.8.8 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 19.441/19.602/19.902/0.212 ms
    

    I can't test internet connection itself because I'm out of office at the moment. I got these results with VPN.


  • Netgate Administrator

    Ok, well that looks good. What's not working then?

    Seems like an issue with your outbound NAT config if other clients cannot ping 8.8.8.8. It must be NATing to the 176 IP.

    Steve



  • I've couldn't detect what is not working, after upper comment the ISP installed additional router between pfsense and radiolink switch. Now we're using 176.xx IP for the WAN Interface. Thanks for all comments.


Log in to reply