[Solved] My ISP gave me WAN /30 and LAN /29 Public IPs

  • Hello to all pfSense gurus,

    This is a common question, but I have already spent 1 week browsing every article related to my subject. I only found suggestions and not a direct answer for the setup. I also bought a pfSense manual, but the procedures seem outdated, particularly 8.2 Routing Public IPs.

    I have a pfSense box 2.0.2-RELEASE (amd64) built on Fri Dec 7 22:39:43 EST 2012 FreeBSD 8.1-RELEASE-p13.

    I only need to use the public IP /29 which my ISP has given me, but they gave me a /30 too.

    They said the /30 is for my WAN and the /29 is for my LAN.

                                 | Wan: x.x./30
                                 | Lan: x.x./29
                       ServerA   ServerB
                       x.x./29        x.x./29

    I have already set up the WAN /30 and LAN /29, but the problem is that when I deleted all the manual outbound NAT settings, the LAN /29 doesn't have internet access to the outside. I also tried setting my firewall to allow all traffic to pass (* * * * No Que *) on both WAN and LAN. What I am sure of is that I can access the WAN /30 from my other internet line, but not the servers on the /29.

    Can you give me a quick setup for this: no NAT and no firewall, just a simple router to emit the /29 public IPs?

    Thanks very much to whoever has a kind heart.


  • Does anyone know???

  • If you are going to completely disable the firewall, there is no point in using something like pfSense. Is there some reason you cannot just use the ISP-recommended router for this?

  • This is a very common configuration: use a /30 for the point-to-point link and have another subnet (in your case /29, could be anything e.g. /28, /27, …, /24 etc) routed to your WAN IP.

    Your /29 allows 6 usable IPs. Do you want to use "real" (i.e. publicly routable) IPs in your LAN, or "private" RFC1918 IPs?

    If you'll only be having a few servers, or maybe running applications that don't work well with NAT, you might want to disable pfSense's NAT. But if you also have multiple local subnets with private addressing, you might want to consider that and do either 1:1 NAT or port-forwarding.

  • If you are just setting it up as a router, configure the WAN with the /30, point the gw at the ISP's end of the /30, and put one of the /29 IPs on your LAN side. Then disable the firewall under advanced. Should be a simple config.

  • @dotdash:

    Then disable the firewall under advanced.

    Do not disable the firewall, you just need to disable NAT.

    You can disable the firewall if you really want just a pure router, but almost no one in this kind of circumstance wants that.

  • Hi to all Gurus,

    Your tips have worked out, especially ticking System -- Advanced -- Firewall/NAT -- Disable all packet filtering. Also, I needed to call my ISP, as my /29 needed to be fixed on their side. Then voilà! All my servers are pingable from outside. Also, when I checked using ipchicken.com, it shows the right public IP and not the WAN IP /30.

    Great help coming from all of you guys! Now I need a second pfSense box acting as my firewall.

    pfSense rocks the best!

  • @enavaro:

    Especially ticking the System -- Advanced -- Firewall/NAT -- Disable all packet filtering.

    Check my last post - don't do that, just disable NAT. No need to have a separate firewall.
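
An added sketch, not part of the thread and not pfSense code: it validates the routed layout discussed above (a /30 on the WAN, a /29 on the LAN, no NAT) and shows which sources would still need outbound NAT if private subnets were added later. All addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also flag
# the documentation ranges used as constructed sample addresses below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def needs_outbound_nat(source):
    """True if this source must be translated before it leaves the WAN."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in RFC1918)

def check_plan(wan_net, wan_ip, isp_gw, lan_net, lan_ip, servers):
    """Validate the layout; return (problems, unused LAN host addresses)."""
    wan, lan = ipaddress.ip_network(wan_net), ipaddress.ip_network(lan_net)
    wan_hosts, lan_hosts = set(wan.hosts()), list(lan.hosts())
    problems = []
    if wan.overlaps(lan):
        problems.append(f"{wan} and {lan} overlap")
    for label, ip in (("WAN address", wan_ip), ("ISP gateway", isp_gw)):
        if ipaddress.ip_address(ip) not in wan_hosts:
            problems.append(f"{label} {ip} is not a usable host in {wan}")
    if wan_ip == isp_gw:
        problems.append("WAN address and ISP gateway must differ")
    used = {ipaddress.ip_address(lan_ip)}
    if not used <= set(lan_hosts):
        problems.append(f"LAN address {lan_ip} is not a usable host in {lan}")
    for srv in servers:
        addr = ipaddress.ip_address(srv)
        if addr not in lan_hosts:
            problems.append(f"server {srv} is not a usable host in {lan}")
        elif addr in used:
            problems.append(f"server {srv} duplicates an address in use")
        used.add(addr)
    return problems, [str(h) for h in lan_hosts if h not in used]

def upstream_route(lan_net, wan_ip):
    """The static route the ISP has to carry for the LAN block to be reachable."""
    return f"{ipaddress.ip_network(lan_net)} via {ipaddress.ip_address(wan_ip)}"

if __name__ == "__main__":
    # Constructed sample plan (documentation ranges, not the poster's addresses).
    plan = ("192.0.2.0/30", "192.0.2.2", "192.0.2.1",
            "198.51.100.8/29", "198.51.100.9", ["198.51.100.10", "198.51.100.11"])
    problems, free = check_plan(*plan)
    print("problems:", problems or "none")
    print("free LAN addresses:", free)
    print("ISP route needed:", upstream_route(plan[3], plan[1]))
    for src in ("198.51.100.10", "192.168.1.10"):
        print(src, "needs outbound NAT:", needs_outbound_nat(src))
```

With one /29 address on the router's LAN interface, five remain for servers, and the block is only reachable once the ISP routes it to the WAN address.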
