ISP Provided Lan and Wan Blocks
-
@steveits I just changed the subnet to a /29 on the LAN side so it would allowed me to use the 216.57.76.36 on the interface. Is that really going to hurt anything not sure if anything really would be using the broadcast address.
-
@badincite Yeah they'll have to explain how it works in their setup. A /30 and /29 are much more typical, or else just assign a WAN subnet as a /29 and not need a second IP. Our data center uses a public subnet for its LAN, but our office uses a /29 and has an IP and virtual IPs.
If you use someone else's IP (which is technically what you've done by expanding your subnet) then your router won't be able to route to those IPs. That may not matter for your case.
-
@steveits It says I have 4 IP's in the Internal IP block /30. So I'm staying the the provide range the provided just with a different subnet so I can use the 1st IP.
-
@badincite Ah. On the LAN side they may not route that extra IP to you.
-
@steveits When I tested it using the first IP for the router's address, it worked correctly and I was able to use the 2nd and 3rd IP. After doing some more reading, I found a post where they were able to assign the LAN Block IPs as Virtual IP's, eliminating the need for two routers. I may try this out to simplify my configuration.
Here's the link to the post: https://community.spiceworks.com/topic/2248511-pfsense-configuration-isp-provided-wan-and-lan -
That actual works just tested it. Guess I'll just do that makes it easier
-
@badincite A routed /30 is silly.
If they provision a /29 a customer can use 5 IP address on "LAN."
If they provision two customers on the same /29 with /30s instead, they can each use 1 IP addresses on LAN.
So they are effectively wasting 3 usable IP addresses so they can serve two customers instead of just one.
The same theory applies with shorter prefixes, of course, but the percentage of "waste" goes down dramatically.
-
@badincite said in ISP Provided Lan and Wan Blocks:
That actual works just tested it. Guess I'll just do that makes it easier
Sounds like they weren't routing the /30 to the 216.50.72.xxx/31 IP after all, then? Well at this point I usually "back away slowly" as that often helps in not worrying about a problem anymore. :)
-
@steveits It seems they are routing the /30 addresses to the /31 address. If I wanted my actual public IP to be in the /30 range, I would have to handle the routing from the /30 internal out to the /31. I was able to achieve this by using a secondary router to route the public IP in front of my current router. When I checked "What is my IP?" on Google, it returned the /30 IP address. However, when I added the LAN Block as Virtual IP's, "What is my IP?" returned the /31 IP address. Nevertheless, I can still NAT the /30's through and use them for my individual web servers, which is all I need. Still have to use a /29 with them in order to use the 4 IP block but they all work.
-
Got everything up and working now with the LAN block as virtual IP's.
FYI: For anyone changing the WAN adapter assignment, I found that I needed to go back through the CLI instead of the web browser to reassign all adapters before it would start routing traffic. Initially, I made the change on the adapter in Esxi, but nothing connected to the internet. Then, I created a completely new adapter and assigned it as the WAN interface in the web browser, but still, nothing happened. Eventually, I went through the CLI assignment for just the WAN and LAN, and then traffic started routing again. After that, I was able to reassign and reset the interfaces with the web browser.
