Netgate Discussion Forum

    PPPoE subnet ….

      BenKenobe

      I have a block of 8 IPs ranging from X.X.X.80 to X.X.X.87, but using them is proving a pain.

      The problem that I am seeing is my public-facing IP address changing during 'sessions' with other machines; this is a real problem when logged into a bank account or doing file transfers. I proved this issue by setting up a web server and an FTP server in my 'other' office and then connecting from my real one; the logs at the 'other' office identified the IP changing. I also proved it by calling the bank, who watched one of my sessions dynamically (if your IP changes during a session they boot you off the system); he confirmed my findings.

      Basically we run a web server and an e-mail server; these have public DNS / MX records on IP addresses X.X.X.85 and X.X.X.84. The actual port I use on my physical connection is X.X.X.86 (X.X.X.87 is the broadcast IP). I set up Virtual IPs for the web server and e-mail server for use in NAT and they work fine.

      There are currently no public pointers to IP addresses X.X.X.80 through to X.X.X.83; these IP addresses are totally unreachable from anywhere.

      If I log into the ISP using 'DHCP', the ISP system always allocates me the IP address X.X.X.86. If I try to fix it at anything other than this, i.e. X.X.X.80, the connection fails, so I am stuck with X.X.X.86.

      By my calculation my IP subnet should be 255.255.255.248, but when looking at the WAN status in pfSense it is 255.255.255.255.

      So I have several questions, please excuse the ignorance that they may demonstrate.

      1) Can I force my PPPoE WAN subnet to be 255.255.255.248?

      2) If the answer to 1 is 'no', how can I stop the IP switching that I am seeing?

      3) If the answer to 1 is 'no', I am guessing that I cannot make my remaining IPs available without buying public DNS records?

      4) Is this related to my CARP / ProxyARP / Other settings? (I have everything configured as 'other' as CARP refuses to configure and I know ProxyARP messes up FTP.) I have tried a Virtual IP and ProxyARP with X.X.X.80/29 and also tried Virtual IPs for each IP address X.X.X.80/32 - X.X.X.87/32 and set the ARP method to 'other'. CARP refuses to allow it, with the message "Sorry, we could not locate an interface with a matching subnet for X.X.X.83/32" etc. I realise that I have a single connection and that some routing must take place to turn 1 connection into 8, but how do I stop the 'outgoing' IP address changing!!

      5) I realise that I have a single connection and that some routing must take place to turn 1 connection into 8, but how do I stop the 'outgoing' IP address changing? Should the ISP allow me to use the IP address X.X.X.80 with the correct subnet 255.255.255.248 and let me deal with the routing?

        bunbury

        I think that the option that you need is in the menu setup --> advanced, and in the load balancer section there is something like "keep IP" or something like that. I don't remember where I read that, lol, but it could be.

        I read your post because I need to configure a block of 16 IPs but I can't do it. Would you tell me what you did to configure yours?

        I want to do NAT on any IP in the range, but I can only NAT the IP configured on the NIC. In what part did you configure the range?

        Sorry for my bad English.

          BenKenobe

          So far I haven't solved this issue; if I do find a solution I will post it here.

            bunbury

            I will try with this:

            http://doc.pfsense.org/multiple-subnets-one-interface-pfsense.pdf

            But I need to wait because the network is almost always busy. If you can try it before me, do it and tell me if it works.

              BenKenobe

              I'm not sure that will be applicable to the WAN interface and internal subnets aren't a problem for me.

              My problem is getting a single WAN connection to appear to the outside world as 8 IP Addresses (6 useable excluding subnet address and broadcast address).

              Since here in the UK we are forced to use PPPoA, which by default gives you a 255.255.255.255 subnet mask over which you have no control whatsoever, it is impossible to correctly replicate your fixed IP addresses as you would with true PPPoE (by applying your subnet address as the interface address and then using the appropriate subnet mask), because you can't change the mask.

              My biggest problem is to get internal machines to resolve publicly with their public IP address whilst maintaining them on a private internal address. I also have the issue that my WAN IP address seems to skip around; it can become any one of the active IPs in my block of 8, even in the middle of a session. I am 100% certain that this isn't my issue, but you try convincing an ISP technical support of that.

                bunbury

                OK, I didn't know about the netmask in the UK; I'm from Mexico. I'm not sure either whether the doc applies to WAN, but I try everything to resolve my situation, and it seems that there are many people with your same problem in the forum. Anyway, good luck.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.