How to configure pfsense with a /30, /27 and local dhcp
-
Hi,
I'm new to this and I'm confused about how to set this up.
My ISP has given me a /30 ip address to use for my router and a /27 ip block to use for whatever other servers I need
Lets say my /30 block is 99.123.238.192/30 with my gateway ip being 99.123.238.193 and the ip for me to use is 99.123.238.194
The /27 block is 99.85.158.224/27 and my first usable ip address is 99.85.158.226.
I would like to also have a dhcp server running at 192.168.100.194The server I am using as a router(it has 3 nics) and a netgear switch. I'm using pfsense 2.0.3
Can anyone point me in the right direction as to how to configure this so that the servers I assign in the /27 block can access the internet as well as the dhcp clients?
-
Let me guess… Comcast Metro Ethernet?
If so, save yourself some complexity and tell them to hand off the /27 at the switch.
-
Nope its not comcast and they said that my gateway is routing the /27 through my 99.123.238.194 address.
Does this mean I need to configure the wan port with 99.123.238.194 and then configure the LAN port with one of the addresses in the /27 block and it should magically start working?
-
Yes, I would think so.
I would like to also have a dhcp server running at 192.168.100.194
Not sure quite what you meant by this. You want that private subnet on a different interface?
Steve
-
Nope its not comcast and they said that my gateway is routing the /27 through my 99.123.238.194 address.
Does this mean I need to configure the wan port with 99.123.238.194 and then configure the LAN port with one of the addresses in the /27 block and it should magically start working?
Eh, ok then. Most of the people opening threads on this (or PMing me in relation to my threads on the topic) are using Comcast Metro-E, but there are a bunch of providers that do this so I've got to be wrong in my guesses some times.
Anyway, yes, that's pretty much what you'd want to do, though I'd suggest that since you wanted to also have a private network, that you assign the WAN interface the /30, the LAN interface the private /24, and then create an OPT interface (named DMZ or similar) and then give it the /27.
-
Thanks I'll try that. Does it matter that the lan gets the /27 or the opt gets it?
-
Nope its not comcast and they said that my gateway is routing the /27 through my 99.123.238.194 address.
Does this mean I need to configure the wan port with 99.123.238.194 and then configure the LAN port with one of the addresses in the /27 block and it should magically start working?
Eh, ok then. Most of the people opening threads on this (or PMing me in relation to my threads on the topic) are using Comcast Metro-E, but there are a bunch of providers that do this so I've got to be wrong in my guesses some times.
Anyway, yes, that's pretty much what you'd want to do, though I'd suggest that since you wanted to also have a private network, that you assign the WAN interface the /30, the LAN interface the private /24, and then create an OPT interface (named DMZ or similar) and then give it the /27.
I think I see why to use OPT/DMZ with the /27. It's so that I can set up the firewall rules manually since everything is blocked by default?
I noticed that after looking at http://doc.pfsense.org/index.php/Example_basic_configuration
-
It doesn't make much difference. You could just as easily change the LAN firewall rules to suit you requirements. The only difference between the LAN interface and any other internal interfaces you might have is that LAN has some rules by default to make it easy to get going after an initial install.
Steve
-
This worked out.
Wan = /30
Lan = /24 local 192.168.100.x with dhcp
Opt1 = /27And I had to enable ports (80, 443, 21, etc) on all interfaces
Thanks for the help
