Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Spectrum Static Public IP address without router (in bridge mode) and with PfSense

    Scheduled Pinned Locked Moved General pfSense Questions
    17 Posts 3 Posters 8.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stephenw10S
      stephenw10 Netgate Administrator
      last edited by stephenw10

      P-t-P doesn't require a subnet at all, all traffic leaving from it can only go to the otherside of the link so it doesn't matter. Most PPPoE sessions are like that for example:

      [2.5.2-RELEASE][admin@pfsense.fire.box]/root: ifconfig pppoe0
pppoe0: flags=88d1<UP,POINTOPOINT,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1492
	description: PLUSNET
	inet 143.194.232.98 --> 172.16.13.252 netmask 0xffffffff
	inet6 fe80::fad1:11ff:fec1:5b57%pppoe0 prefixlen 64 scopeid 0x11
	nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

      FreeBSD/pfSense requires it to be set to be set so it can be used for routing. Without any subnet mask specified it would throw errors in numerous places. As I understand it at least.

      Steve

      1 Reply Last reply Reply Quote 1
      • E
        Eugene 0
        last edited by

        Sorry, the second netmask is /30 and not /32.

        Yes, I have a Business account with Spectrum, and I pay for a static IP address.
        I'm trying to save energy by excluding the router in Bridge mode. I have the network connected to a server that works 24/7.

        I would like to have:
        Spectrum Modem -> <WAN>PfSense (5 total Ethernet ports including wan) -> Server, SmartTV, Security Cams,

        At this moment, I have: (NO PfSense Connected)
        Spectrum Modem -> <WAN> Spectrum Router (bridge mode - this has Static IP address connected to gateway /20 netmask) -> <WAN>Router with wifi (Static IP with netmask /30 and has its gateway. This IP is my Public IP address) -> Server, SmartTV, Security Cams.

        I tried different variations for network connection, works fine:
        Spectrum Modem -> <WAN> Spectrum Router (bridge mode - this has Static IP address connected to gateway /20 netmask) -> <WAN>PfSense (Static IP with netmask /30 and has its gateway. This IP is my Public IP address) ->Router with wifi -> Server, SmartTV, Security Cams.

        Simple explaining: Can I create two routers in PfSense to work in series with two different subnet masks? The first router should be in Bridge mode.

        Spectrum Modem -> WAN PfSense static IP /20 netmask -> WAN PfSense static IP /30 netmask -> LAN PfSense with internal IP 192.168.1.1.

        stephenw10S 1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator @Eugene 0
          last edited by

          @eugene-0 said in Spectrum Static Public IP address without router (in bridge mode) and with PfSense:

          Can I create two routers in PfSense to work in series with two different subnet masks?

          No, but you shouldn't have to.

          Are you sure the spectrum router is using a static IP on it's WAN? You have admin access to that device?
          What do spectrums docs say about 3rd party routers?

          Steve

          E 1 Reply Last reply Reply Quote 0
          • E
            Eugene 0 @stephenw10
            last edited by

            @stephenw10
            I have access to the Spectrum Router in bridge mode. I checked and yes 100% has static IP.

            I do not know the Policy regarding 3 Party routers.

            One more thing: excluding the Spectrum router in Bridge mode and instead connect the PfSense with WAN settings - IP address connected to gateway /20 netmask (exact same IP settings and gateway from Spectrum router in bridge mode) = I get an internet connection but my public IP is not real one instead I get the IP from Spectrum router in Bridge mode.

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Ok, and you don't want to use the static public IP from the /30 on an internal interface?

              Then I would add the IP as a VIP on the WAN and change your outbound NAT rules to use that instead of the WAN address.
              Since they appear to be routing the /30 to you you can probably use both IPs from it if you want.

              To test that first add the VIP on WAN then go to Diag > Ping anf make sure you ping out usig the VIP as the source IP.

              Steve

              E 1 Reply Last reply Reply Quote 0
              • E
                Eugene 0 @stephenw10
                last edited by

                @stephenw10
                I would like to use IP from /30 netmask -I do not want to use IP from /20 netmask.
                The reason is: IP from Netmask /20 is blacklisted on multiple services.

                1 Reply Last reply Reply Quote 0
                • stephenw10S
                  stephenw10 Netgate Administrator
                  last edited by

                  So add it as a VIP and test it.

                  1 Reply Last reply Reply Quote 0
                  • E
                    Eugene 0
                    last edited by

                    @stephenw10
                    Nop, does not work.

                    1 Reply Last reply Reply Quote 0
                    • E
                      Eugene 0
                      last edited by

                      I will try to explain differently:
                      I have one Static Public IP provided by Spectrum (I pay for Static IP): y.y.y.y /30 netmask with Gateway y1.y1.y1.y1

                      My connection:
                      Spectrum Modem -> WAN Spectrum router (bridge mode) static IP x.x.x.x /20 netmask with Gateway x1.x1.x1.x1 -> WAN Router (my personal router) static IP y.y.y.y /30 netmask with Gateway y1.y1.y1.y1 -> Server, Web Cams. TVs with internal IPs 192.168.2.2.-192.168.1.254.

                      I want to remove the WAN Spectrum router (bridge mode) and use Pfsense with 5 Ethernet ports.
                      Spectrum Modem -> WAN PfSense IP x.x.x.x/20 netmask with Gateway x1.x1.x1.x1 -> WAN Pfsense IP y.y.y.y /30 netmask with Gateway y1.y1.y1.y1 -> Server, Web Cams. TVs with internal IPs 192.168.2.2.-192.168.1.254.

                      I tried to make a configuration:
                      Spectrum Modem -> WAN Pfsense IP x.x.x.x/20 netmask with Gateway x1.x1.x1.x1 -> VIP Pfsense IP y.y.y.y /30 + NAT

                      I tried to ping externally and internally IP x.x.x.x - works fine; I have an internet connection, but public IP is still x.x.x.x

                      I can Ping IP y.y.y.y internally but not externally.
                      all ports and rules are open

                      I think: it probably does not work because I did not indicate Gateway y1.y1.y1.y1 for IP y.y.y.y /30 in the VIP - I do not know-how.

                      Also, I tried to make a configuration:
                      Spectrum Modem -> WAN Pfsense IP y.y.y.y /30 netmask with Gateway y1.y1.y1.y1 -> VIP Pfsense IP x.x.x.x/20 + NAT
                      With this configuration, the Internet does not work

                      1 Reply Last reply Reply Quote 0
                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        If they are actually routing the /30 to you then the gateway address, y1.y1.y1.y1, will actually be on the Spectrum router. The /30 exists only between the Spectrum router and your existing router.
                        Is that the case?

                        If not then I'd suggest looking to see if anyone else has already done this. I'm sure someone will have tried.

                        Steve

                        1 Reply Last reply Reply Quote 0
                        • E
                          Eugene 0
                          last edited by

                          Untitled-11.jpg Untitled-111.jpg Untitled-1111.jpg Untitled-11111.jpg

                          1 Reply Last reply Reply Quote 0
                          • E
                            Eugene 0
                            last edited by

                            The first 3 pictures are settings from the router in bridge mode.
                            The last picture with settings from 3rd party router (for wi-fi, Server, TVs).

                            1 Reply Last reply Reply Quote 0
                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              Ok, well I'm not sure how many of those setting actually apply when it's in bridge mode. Those NAT setting in particular seem unlikely to apply here since the router behind it is using that IP directly.

                              I also note that the bridged router is showing the x1.x1.x1.x1 as being DHCPv4 and not static as you said. However we can't see the WAN setup there, it could just be a display glitch.
                              Does pfSense work there with it's WAN set as DHCP?

                              Given what we can see I would have expected the /30 IP to work as a VIP. Can we see exactly how that was setup?

                              I could imagine it might require a different MAC to work which would be a problem.

                              It could be a completely separate subnet enabled on the same link (ugly!) and might require using the /30 upstream gateway. In which case you would have to add the gateway and outbound NAT rules to use it.

                              Steve

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.