PPPOE => 1 x static IPv4 and a IPv4 /30 Subnet

  • Hello,

    I have the following problem and have been searching the net for a solution for days:

    • FTTH connection directly to the house
    • This delivers a static IPv4 xxx.xxx.xxx.150
    • The pfSense is connected directly to the FTTH via PPPOE and runs without problems in the LAN.
    • Additionally on the same PPPOE port the ISP provides a xxx.xxx.xxx.x14/30 network
    • WAN is configured as PPPOE and gets the static IPv4 xxx.xxx.xxx.150 assigned automatically
    • In a separate VLAN (on a separate Interace OPT2) I now want to make a web server directly reachable from outside via an IPv4 from the 4 network and want to use the xxx.xxx.xxx.x15/32 for this.
    • All 4 IPv4 from the network are created as Virtual IPs as IP alias.

    In the NAT I have now routed TCP with port 80 and 443 to the destination xxx.xxx.xxx.x15/32 (virtual IP) with the redirect target IP from the VLAN which is assigned to the web server.

    In the domain DNS I have specified the IP xxx.xxx.xxx.x15. Nevertheless I can't reach the domain from outside.

    In NAT I have assigned outbound with Hybrid NAT the internal IP of the web server from the VLAN with the translation of xxx.xxx.xxx.x15.

    Furthermore, in the firewall, the NAT rules have automatically appeared in the WAN, which determine the appropriate port forwarding.

    I probably can't see the forest for the trees. Can someone please tell me where my thinking error lies?

    I want to make the nextcloud instance running on the webserver on a proxmox instance reachable via the subdomain, just like before pfSense too (damal Fritzbox).

    Thanks in advance for any help from you

  • LAYER 8

    it seems ok to me
    i have a similar configuration, the only thing is that it's not pppoe
    do you see the incoming requests with packet capture?
    i would try a simple telnet on port 80 from outside your network to xxx.xxx.xxx.x15
    if it connect you know it's a dns problem (did you wait enought for the propagation? https://www.whatsmydns.net/ does your domain point to xxx.xxx.xxx.x15 ? )
    if it doesn't connect you need to check firewall rules / routing

    also are you sure the xxx.xxx.xxx.x15 is an usable IP ? maybe it's the broadcast and you can't use it
    xxx.xxx.xxx.x14/30 network = Usable Host IP Range: xxx.xxx.xxx.13 - xxx.xxx.xxx.14
    Network Address: xxx.xxx.xxx.12
    Broadcast Address: xxx.xxx.xxx.15

  • @kiokoman Foudn the mistake. The VLAN whcih I assigned to the Interface was not giving out IPs via DHCP to the Clients. I had tha DHCP Server up and running, but it did not work properly. So I switched configuration and set the public IPS to the Interface and seperated the nextcloud network through a separate LAN out on the NIC and all hardware behind that is not connected to the rest of the main Network. So basically a real DMZ. Now it is working