Slightly confused



  • so i'm a little confused with how to go about this…

    my upstream provider has given me a /24 block of IPs to assign to my clients...
    i get that i gotta create 1:1 mappings... is there an easier way than entering each ex-ip=in-ip??

    i have set wan port to static ip xxx.53.232.12, entered provided dns info, what i'm lost @ is setting the wan with a second ip xxx.53.236.1

    email from provider:

    Chris,

    We have assigned the IP block to you.
    xxx.53.236.0/24

    I have routed this block to point to your existing static IP.
    xxx.53.232.12

    The reverse dns for the ip block will be host[xxx].mybusiness.com.

    You can now assign the gateway interface on your router with xxx.53.236.1/255.255.255.0 and hosts on the same subnet to access the Internet with these new IPs.

    Please let me know when you have a chance to test and confirm everything is operating properly.

    any help would be greatly appreciated!!  ???


  • Rebel Alliance Developer Netgate

    If you enter the 1:1 NAT entry with a /24 mask, it will map the entire internal subnet to the entire external subnet.

    So you'd enter it like:
    Interface: WAN
    External subnet IP: xxx.53.236.0
    Internal IP: Type Network, 10.1.0.0/24

    Then it will map every single IP in the public /24 to its corresponding IP in 10.1.0.x, so .5=.5, .234=.234, and so on.



  • Thank you, should have seen it, my mind is being pulled in every direction lately getting caught up on network deployment…

    so i've entered it as you stated, went to google and typed what my ip and google pulls the corresponding ip as it should, but when i go to speedtest.net it shows my xxx.53.232.12 and upstream provider's domain, is this something i correct in pfsense or my provider's configuration that needs changing?


  • Rebel Alliance Developer Netgate

    @Disturbed1:

    Thank you, should have seen it, my mind is being pulled in every direction lately getting caught up on network deployment…

    so i've entered it as you stated, went to google and typed what my ip and google pulls the corresponding ip as it should, but when i go to speedtest.net it shows my xxx.53.232.12 and upstream provider's domain, is this something i correct in pfsense or my provider's configuration that needs changing?

    Not sure why it would show that on a speed test since it should be using that 1:1 NAT no matter what as it goes out the WAN… unless it's getting run through a proxy or something that would make it originate from the firewall... That, or if the source IP was on a different subnet not covered by the 1:1 NAT



  • I do run squid transparent on pfsense….

    Also I should clarify I run 10.0.0.1/8
    But only have dhcp assigning 10.212.101.1-254
    When I entered the 1:1 I entered "internal type network, 10.212.101.0/24"

    Should I replace the 10.212.101.0/24 with 10.0.0.0/8 knowing dhcp is covering that specific range only?


  • Rebel Alliance Developer Netgate

    no, or the 1:1 would run out of IPs, you'd end up assigning IPs that weren't being routed to you. It would be better to use /24 all around instead of using /8 anywhere.



  • okay, i'll change interface setting to /24 and disable squid transparent and do a quick test shortly….

    "ka, maybe not shortly but thru out the middle of night once all clients are offline here and i'll report back tomorrow morning..."

    Thank you for your input ! ! !



  • okay, was able to make changes this morning,

    lan subnet set to /24, reconfigured outbound nat, and uninstalled squid proxy….

    went to google and typed whats my ip, google came back with proper ip's and so did speed test...

    everything works as it should except dns resolve... still shows my upstream provider's names... so i'm going to guess at this point i'll have to get them to resolve this???

    thank you for your assistance ! ! !



  • @Disturbed1:

    everything works as it should except dns resolve… still shows my upstream provider's names... so i'm going to guess at this point i'll have to get them to resolve this???

    Most likely, these are the PTR records they have to change



  • Awesome! Thanks for the info… Will ask them....

    Thank you guys for everything!!!

    problem solved....
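
Added example (not from the thread, and not pfSense code): a small Python model of the offset-preserving 1:1 mapping described above, showing why a host outside the mapped internal network leaves via the WAN address and why a /8 internal network against a routed /24 yields addresses that are not routed to you. Assumptions: `203.0.113.0/24` and `198.51.100.12` are constructed stand-ins for the redacted public block and WAN IP, the function names are hypothetical, and hosts not covered by the 1:1 rule are assumed to fall back to outbound NAT on the WAN address.

```python
import ipaddress

# Constructed stand-ins for the redacted addresses in the thread.
ROUTED_BLOCK = "203.0.113.0/24"   # plays the role of xxx.53.236.0/24
WAN_IP = "198.51.100.12"          # plays the role of xxx.53.232.12


def map_one_to_one(internal_ip, internal_net, external_base):
    """Return the external address for internal_ip, keeping the host offset.

    Returns None when the host is not inside internal_net, i.e. the
    1:1 rule does not match it at all.
    """
    host = ipaddress.ip_address(internal_ip)
    net = ipaddress.ip_network(internal_net)
    if host not in net:
        return None
    offset = int(host) - int(net.network_address)
    return ipaddress.ip_address(int(ipaddress.ip_address(external_base)) + offset)


def audit(hosts, internal_net, external_base=None, routed_block=ROUTED_BLOCK):
    """Classify each internal host: '1:1', 'outbound-nat' or 'unrouted'."""
    routed = ipaddress.ip_network(routed_block)
    base = external_base or str(routed.network_address)
    report = {}
    for h in hosts:
        ext = map_one_to_one(h, internal_net, base)
        if ext is None:
            # Not covered by the rule: traffic appears to come from the WAN IP.
            report[h] = ("outbound-nat", WAN_IP)
        elif ext in routed:
            report[h] = ("1:1", str(ext))
        else:
            # Translated to an address the provider never routed to us.
            report[h] = ("unrouted", str(ext))
    return report


if __name__ == "__main__":
    hosts = ["10.212.101.5", "10.212.101.234", "10.0.0.50"]
    for label, net in (("/24 rule", "10.212.101.0/24"), ("/8 rule", "10.0.0.0/8")):
        print(label)
        for h, (status, ext) in audit(hosts, net).items():
            print(f"  {h:15} -> {ext:15} [{status}]")
```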

