Bridge to PPPOE /27 Router IP in Subnet
-
Maybe these articles can help:
https://docs.netgate.com/pfsense/en/latest/book/firewall/methods-of-using-additional-public-ip-addresses.html
https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html
-
@LawrenceF said in Bridge to PPPOE /27 Router IP in Subnet:
My internal IPs are on the same /27 subnet as the PPPOE connection
I hate when ISPs do that because that's wrong in my opinion and makes things complicated. Have you already asked for a WAN IP outside your /27 net so you can do normal routing? I had this once and the ISP set up a separate transfer net after asking for it and explaining that we want to be able to normally route the net they provided to us.
-
@viragomann Unfortunately not as it's bridging the PPPOE adapter, not the physical that I need to do.
-
@HG Yep, it works with their supplied router, so they tell me I have to use that instead.
-
Do you know how your ISP connects the rest of the /27 network? Do they put all addresses just on the PPPoE link, or do they use your x.x.x.190 as a gateway?
@LawrenceF said in Bridge to PPPOE /27 Router IP in Subnet:
@viragomann Unfortunately not as it's bridging the PPPOE adapter, not the physical that I need to do.
If the addresses are all on the PPPoE link, isn't bridging the PPPoE interface exactly what you need? Anyway, if you think you need to bridge the underlying physical interface, you can easily create it again under Interfaces -> Assignments, if you haven't yet. But usually this is only needed to access the modem directly (e.g. the management interface), but not something from the PPPoE link.
If the addresses are all on the PPPoE link, you could also just assign local IPs on your side and try to set up a 1:1 NAT on your PPPoE interface, maybe just try with an individual IP like x.x.x.161. However, just guessing here, because I never had such a setup myself. ;)
-
@HG 190 is the gateway, and all the addresses are routed to me via 190. So I need to have a physical with the rest of the /27 connected to it, and .190 joined together so I can filter and act as a gateway. Just can't get it to route traffic when I tried bridging the physical to the PPPOE. I'm missing something obvious I'm sure!
-
So if this is the case, I'm not sure that bridging is the correct approach, because in my understanding when bridging, your clients are directly in the ISP's net and the next router is the router on ISP side. No routing takes place on the pfSense.
My understanding is that your /27 net is x.x.x.160/27. I would try this next: Configure on LAN side a x.x.x.160/28 network, so you will have x.x.x.161 - x.x.x.174, so no overlap with x.x.x.190. If your ISP routes everything via x.x.x.190, my expectation would be that this works. If it works, you have a baseline from where you can experiment further on how to use your whole subnet.
-
@HG Thanks for the idea, I'll spin up a few VMs and see if it works then switch it over. Will report back!
-
@LawrenceF curious if you've found a solution for this?
I'm in exactly the same situation, except my ISP only gave me a /29 subnet. PPPoE gives me the first IP with a /32 mask. Other IPs are routed to me, I can create VIPs for 1:1 NAT etc. but can't figure out how to assign public IP to internal hosts. Defining a smaller routed subnet on a LAN device isn't really an option, the range is just too small. I have other LAN devices with internal subnets that must remain working as usual with NAT reaching out via the WAN IP. I fear bridging WAN with an unused LAN device will break all that...
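
Added example, not part of any post in this thread: a short Python sketch of the subnet arithmetic behind the /28 suggestion above and the "range is just too small" concern in the /29 case. The 203.0.113.x addresses are constructed stand-ins for the masked x.x.x prefix, the /29 poster's "first IP" is assumed to be the first address of the block, and the function names are hypothetical.

```python
import ipaddress

def routable_blocks(delegated, wan_addr):
    """Largest-first CIDR blocks of `delegated` that do not contain `wan_addr`."""
    net = ipaddress.ip_network(delegated)
    wan = ipaddress.ip_network(f"{wan_addr}/32")
    if not wan.subnet_of(net):
        raise ValueError(f"{wan_addr} is not inside {delegated}")
    # address_exclude() yields the minimal set of blocks covering net minus wan.
    return sorted(net.address_exclude(wan), key=lambda b: b.prefixlen)

def lan_plan(block):
    """(first, last, count) of addresses usable on a conventional LAN segment.

    Network and broadcast addresses are reserved, so /31 and /32 blocks
    leave nothing for a segment that needs a router address plus hosts.
    """
    if block.prefixlen > 30:
        return None, None, 0
    first = block.network_address + 1
    last = block.broadcast_address - 1
    return str(first), str(last), block.num_addresses - 2

if __name__ == "__main__":
    # Constructed sample values (203.0.113.0/24 is a documentation range).
    cases = [("203.0.113.160/27", "203.0.113.190"),  # /27 with gateway on .190
             ("203.0.113.8/29", "203.0.113.8")]      # /29, first address on PPPoE
    for delegated, wan in cases:
        print(f"{delegated}, WAN/gateway address {wan}:")
        for block in routable_blocks(delegated, wan):
            first, last, count = lan_plan(block)
            print(f"  {str(block):20} LAN-usable: {count} ({first} - {last})")
```

One of the usable addresses in each block still has to go to the firewall's LAN interface, so the /30 left over in the /29 case serves a single host.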
-
I messed about with it for a day and gave up and used Linux to do the routing. I set a route via interface rather than an IP and it bridges the PPPOE and ethernet connections happily. Put a transparent pfSense in the middle to look after the subnet and called it done.