Netgate Discussion Forum

    How to configure pfsense with a /30, /27 and local dhcp

      clicky1

      Hi,

      I'm new to this and I'm confused about how to set this up.

      My ISP has given me a /30 IP address to use for my router and a /27 IP block to use for whatever other servers I need.
      Let's say my /30 block is 99.123.238.192/30, with my gateway IP being 99.123.238.193 and the IP for me to use being 99.123.238.194.
      The /27 block is 99.85.158.224/27 and my first usable IP address is 99.85.158.226.
      I would also like to have a DHCP server running at 192.168.100.194.

      I am using a server as a router (it has 3 NICs) and a Netgear switch. I'm using pfSense 2.0.3.

      Can anyone point me in the right direction as to how to configure this so that the servers I assign in the /27 block can access the internet as well as the dhcp clients?

        jasonlitka

        Let me guess…  Comcast Metro Ethernet?

        If so, save yourself some complexity and tell them to hand off the /27 at the switch.

        I can break anything.

          clicky1

          Nope, it's not Comcast, and they said that my gateway is routing the /27 through my 99.123.238.194 address.

          Does this mean I need to configure the WAN port with 99.123.238.194 and then configure the LAN port with one of the addresses in the /27 block and it should magically start working?

            stephenw10 Netgate Administrator

            Yes, I would think so.

            @clicky1:

            I would like to also have a dhcp server running at 192.168.100.194

            Not sure quite what you meant by this. You want that private subnet on a different interface?

            Steve

              jasonlitka

              @clicky1:

              Nope, it's not Comcast, and they said that my gateway is routing the /27 through my 99.123.238.194 address.

              Does this mean I need to configure the WAN port with 99.123.238.194 and then configure the LAN port with one of the addresses in the /27 block and it should magically start working?

              Eh, ok then. Most of the people opening threads on this (or PMing me in relation to my threads on the topic) are using Comcast Metro-E, but there are a bunch of providers that do this, so I've got to be wrong in my guesses sometimes.

              Anyway, yes, that's pretty much what you'd want to do, though I'd suggest that since you wanted to also have a private network, that you assign the WAN interface the /30, the LAN interface the private /24, and then create an OPT interface (named DMZ or similar) and then give it the /27.

              I can break anything.

                clicky1

                Thanks, I'll try that. Does it matter whether the LAN gets the /27 or the OPT gets it?

                  clicky1

                  @Jason:

                  @clicky1:

                  Nope, it's not Comcast, and they said that my gateway is routing the /27 through my 99.123.238.194 address.

                  Does this mean I need to configure the WAN port with 99.123.238.194 and then configure the LAN port with one of the addresses in the /27 block and it should magically start working?

                  Eh, ok then. Most of the people opening threads on this (or PMing me in relation to my threads on the topic) are using Comcast Metro-E, but there are a bunch of providers that do this, so I've got to be wrong in my guesses sometimes.

                  Anyway, yes, that's pretty much what you'd want to do, though I'd suggest that since you wanted to also have a private network, that you assign the WAN interface the /30, the LAN interface the private /24, and then create an OPT interface (named DMZ or similar) and then give it the /27.

                  I think I see why to use OPT/DMZ with the /27. It's so that I can set up the firewall rules manually since everything is blocked by default?
                  I noticed that after looking at http://doc.pfsense.org/index.php/Example_basic_configuration

                    stephenw10 Netgate Administrator

                    It doesn't make much difference. You could just as easily change the LAN firewall rules to suit your requirements. The only difference between the LAN interface and any other internal interfaces you might have is that LAN has some rules by default to make it easy to get going after an initial install.

                    Steve

                      clicky1

                      This worked out.
                      WAN = /30
                      LAN = /24 local 192.168.100.x with DHCP
                      OPT1 = /27

                      And I had to enable ports (80, 443, 21, etc.) on all interfaces.

                      Thanks for the help
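
The three-interface layout this thread settled on, checked with Python's `ipaddress` module. This is an added example, not part of any post: the firewall's own addresses on LAN (`192.168.100.1`) and OPT1 (`99.85.158.226`) are assumptions, since the thread gives only the subnets, and `check_plan` and `server_addresses` are hypothetical helper names.

```python
import ipaddress

# Addressing plan from the thread. The OPT1 and LAN interface addresses are
# assumptions: the posts give the subnets, not the firewall's address on each.
PLAN = {
    "WAN":  {"ip": "99.123.238.194", "net": "99.123.238.192/30",
             "gateway": "99.123.238.193"},
    "LAN":  {"ip": "192.168.100.1",  "net": "192.168.100.0/24"},
    "OPT1": {"ip": "99.85.158.226",  "net": "99.85.158.224/27"},
}


def check_plan(plan):
    """Return (errors, nat_needed): plan mistakes and subnets needing outbound NAT."""
    errors, nat_needed = [], []
    nets = {}
    for name, cfg in plan.items():
        net = ipaddress.ip_network(cfg["net"])  # raises if host bits are set
        nets[name] = net
        # Interface and gateway addresses must be usable hosts, not the
        # network or broadcast address of the subnet.
        for role in ("ip", "gateway"):
            if role in cfg:
                addr = ipaddress.ip_address(cfg[role])
                if addr not in net or addr in (net.network_address, net.broadcast_address):
                    errors.append(f"{name} {role} {addr} is not a usable host in {net}")
        # RFC 1918 space is not routable on the internet, so it needs outbound
        # NAT; the routed public block can be forwarded as-is.
        if name != "WAN" and net.is_private:
            nat_needed.append(name)
    # Two interfaces on overlapping subnets make routing ambiguous.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                errors.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return errors, nat_needed


def server_addresses(plan, iface):
    """Host addresses left for servers on iface once the firewall takes its own."""
    net = ipaddress.ip_network(plan[iface]["net"])
    own = ipaddress.ip_address(plan[iface]["ip"])
    return [h for h in net.hosts() if h != own]


if __name__ == "__main__":
    print(check_plan(PLAN))
    print(len(server_addresses(PLAN, "OPT1")), "addresses free on OPT1")
```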
