AT&D Business Dedicated Fiber Internet

sdorn77

I just got an AT&T Dedicated Internet fiber connection installed, and am trying to figure out how to get it to talk to my pfSense router. They didn't provide any instructions, just information about the IP addresses and which port I should plug into on their box.

Below is the basic information they gave me. Ideas on what I need to change in my pfSense settings to get it to work?

IP Address Block
IP Address: 12.xxx.xxx.128/29

WAN Information
CR Serial IP Address: 32.xxx.xx.226/30
AR Serial IP Address: 32.xxx.xx.225/30
WAN IP Address: 32.xxx.xx.224/30

LAN Information
LAN IP Gateway: 12.xxx.xx.129
First Network Assignable: 12.xxx.xx.130
Usable IP Range: 12.xxx.xx.130 - 12.xxx.xx.134
Broadcast IP Address: 12.xxx.xx.135
Subnet Mask: 255.255.255.248

stephenw10

That looks good, they are routing a /29 to you via a /30 transport subnet.

What can be confusing is that the /30 could be on the WAN side of their own hardware?
In which case pfSense would have to use the /29 on it's WAN.

But assuming that isn't the case the two usable IPs in that /30 are .225 and .226 and lower IP is usually the gateway. That looks to be confirmed by this.

So configure the pfSense WAN to use 32.xxx.xx.226/30 with a gateway of 32.xxx.xx.225/30

Configure the pfSense LAN (or any other internal interface ) to use 12.xxx.xx.129/29 with no gateway.

Other clients can then use other IPs in the /29 on that interface.

Steve

sdorn77

@stephenw10

Thanks so much for the reply. I tried your suggestion but got no connection using that approach.

I tried using the LAN IP information on the WAN in pfSense, and that did work. I set the WAN interface on pfSense to use 12.xxx.xx.131/29 and the gateway as 12.xxx.xx.129.

Everything seems to be working fine now, and the pfSense device is using the assigned public IP address. Everything else is behind the NAT, which is how I wanted it to work.

Is the downside here that I can't use the other 4 public IP addresses they assigned me? Not sure that matters to me.

stephenw10

You can still use them as Virtual IPs on the pfSense WAN:
https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html

It would be nicer to use the /30 on the pfSense WAN directly but I assume they have supplied a device that's already using that?

Steve

sdorn77

@stephenw10 I think that is right. They installed what they referred to as a "router" that I cannot access the interface for as far as I can tell. They gave me a schematic and told me I should plug my equipment into a specific port on their router, which is what I connected the pfSense WAN interface to. Presumably their device is using the /30 which is why I was able to assign the /29 to the pfSense WAN interface.

stephenw10

Well that might be all you can do then if you can't use whatever is coming into their router directly.
Clearly other users are doing that since there are numerous instructions floating about like the one I linked to. Might be service dependent though.

Steve