How do i setup BT Business Infinity PPPoE with 5 Static IPs
-
Hey guys,
I have been looking threw this forum for a few days now trying to find a solution to my problem that dose not involve me resorting to using the HomeHub3…
I have ordered BT Fibre Business Broadband with 5 static IP addresses. I am attempting to setup my network so that I can use a proper domain name as well as the below.
1 - SSH box for remote access
2 - VPN end point [hosted on the same PfSense box however I have a limitation on ports I can use on the remote sites so I want to assign two of the IPs here]
3 - The last two IP address I currently have no use for yet.Current set-up is below:
BT ISP <===> Huawei-EchoLife HG612 <=PPPoE=> PfSense <===> RasberryPI [SSH Box]As you could probably have worked out the PPPoE setup gives me a dynamic IP address not in the range off my static IP addresses… What I have dons so far is to put my 5 static IPs into Virtual IPs [IP Alias] on my WAN interface. I then setup 1:1 NAT and mapped one of those IP addresses to my RasberryPi SSH box.
At this point my RasberryPI looses internet connectivity… I am able to SSH onto the RasberryPI from my desktop that is on a different router attached to a different NIC and running over OSPF _.
NAT configuration is:
Interface - WAN
Internal IP
type - Single Host
Address - 192.168.1.100 [The Internal IP address of my RasberryPI]
Destination
Type - any
Address - blank
NAT reflection - use system defaultStatic IP details from BT
You’ve ordered a range of Static IP addresses, which contains 8 addresses from x.y.z.193 to x.y.z.197. Three of these are reserved:
network address: x.y.z.192
router/Hub address: x.y.z.198
subnet mask address if you have 5 Static IP addresses: 255.255.255.248My WAN interface setup as assigned by PPPoE
IP address a.b.c.141
Subnet mask 255.255.255.255
Gateway 217.32.147.107
ISP DNS servers 8.8.8.8Is some one able to help me come up with a better way of doing things or simply point out what is probably going to be a very silly mistake?
Please let me know if you need any more information.
Thank you_
-
ok….. I have got a little further....
according to a very friendly man at BT I had my PPPoE settings wrong.... apparently for the static IPs to work I need to use a specific PPPoE username and password. [This is unusual to BT and not what allot of posts out there tell me] I now have this set correctly.
The 1:1 NAT config now dose not prevent my rasberryPI from accessing the internet which is either a sine it is not working or a step in the right direction.
I have also set a very open rule in my firewall and set it to log everything for testing. When looking over the logs i noticed that i am not getting any hits at all when attempting to browse to one of my public IPs from my phone… This suggests to me that these IPs are not even reaching me.. I have also attempted a packet capture on the WAN interface and still found nothing....
Would this suggest that the IPs are indeed not being sent to me? If this is the case what would the best way of testing this be?
Thank you
-
You need to set up VIP's for the other addresses.
-
Hey Chpalmer,
I have VIP's set for x.y.z.193 to x.y.z.197 although I only have one of them 1:1 NATed to an actual device… _My current thinking is as my rasberryPi is able to ping out with 1:1 NAT set then the routes must be working correctly… so the issue I think is on WAN port... could it be that the port is ignoring the packets as they are not addressed to it? I set the VIPs to the WAN port using IP Alias. Is there a setting on my WAN interface or even my Manual Outbound NAT config I am not setting properly?
I think it may be time to buy the pf sense book.... :P_
-
got it to work :P
The answer happened to be my apache2 server that i was using for testing…. [still not bothered to fix that yet but meh]
I was running packet captures with pings between me and a friend and watched the packets pass as expected… I then asked if he could ssh to the same IP and he instantly got hit with the user request screen :P
For those who got confused with my other posts and need to work out how to get this far below is a summery of what I did.
On the WAN interface:
Type = PPPoE
Username = [user].btclick.com
pass = welcome123Virtual IPs {i made 5 of these with all IPs in my range}
Type = IP Alias
Interface = WAN
Address = x.y.z.193/291:1 NAT
Interface = WAN
External subnet IP = x.y.z.193{one of my publicIPs}
Internal IP = 10.0.200.1 {one of my internal IPS}FireWall
allowed any port from any source IP to port 22 on 10.0.200.1Now i need to work out how to get openVPN to run of a VIP…..
