Help Pls. If we need addtional network interface card for extra static IPs

chxzqw

If this is posted wrong place pls forgive me.

Hi all,

Currently we are getting 2 public static IPs from ISP via ADSL2+ using PPPoE say for example 5.5.5.1/30 and 5.5.5.2/30

and we use 5.5.5.2/30 to hold our website. OK let me then describe our scenario as below:

ISP –(ADSL2+ PPPoe)--> (WAN)Draytek Vigor2710e(LAN1:192.168.1.1/24 LAN2:5.5.5.1/30) --> (WAN static Gateway IP

5.5.5.1/30 WAN IP 5.5.5.2/30)pfsense box(LAN:192.168.1.1/24) --> LAN

The Draytek Vigor2710e is for modem purpose and doing PPPoE thing actually and the pfsense box is the router deals with

real stuff.

We use 5.5.5.1/30 for accessing the modem/router's web interface while 5.5.5.2/30 for our website

So, my actual questions are:

1. Is there any way to simplify or optimize the above network structure ? Actually I can't completely understand the

above one which was provided by another guy long time before. Yes it works fine but seems odd to me. I feel the

modem/router should be in bridge mode and we should just do PPPoE thing on the pfsense box but I tried some effort and

was failed and I don't know why. I may also think the 5.5.5.1/30 is wasted in such situation and we should use some

internal address to replace the public one. So any advise please ?

2. Do we need to get additional network interface card if we are gonna get more static IPs to hold multiple https website

in my scenario? Either yes or no how then we should adjust the settings?

My apologize if my English doesn't make sense.

Thanks guys.

viragomann

Your network structure looks very oddly, indeed.
Could you attach a map to give a better review?

You don't need additional interfaces if your gateway supports this. In pfSense you can add additional subnets to an interface as "IP Alias". Firewall > Virtual IPs

chxzqw

Hi thanks for your comment and sorry about the mess. I have just attached an image and hope it helps.

viragomann

Hi,
your map shows a usual configuration. Nothing odd except, I can't understand what the LAN1 IP 192.168.1.1/24 at the Vigor is good for. The modem isn't connected to your LAN.

I think, the Vigor can do PPPoE only at ISP side, not on LAN ports.

Your /30 net consists of 4 IP addresses: 5.5.5.0 - 5.5.5.3
The lowest one usually is the net address, the highest one is the broadcast address. A 3rd is need as gateway, that is 5.5.5.1 in your case. These 3 IPs are defined in every TCP/IP network, no matter how many IPs it provides.
This leaves you just 1 IP in your /30 net for your purposes, e.g. for webserver.

If you need more IPs you have to order additional subnets from your ISP.

chxzqw

Hi thank you for your comments. Really appreciated that.

1. Actually I don't understand the 192.168.1.1/24 on LAN1 at Vigor either, which is something left by others. So do you think it is fine if I remove that and only keeps the 5.5.5.1/30 ?

2. Just wonder does it have to be same IP between the vigor LAN side and the pfsense WAN gateway side ? Say for example 5.5.5.1/30 in this case. My understanding is they should be in same network but usually it needs 2 different IPs to connect separate ports.

3. My initial though is to turn the vigor one into bridge mode and just let the signal on phone line pass through then do PPPoE stuff on pfsense box, which makes the structure more clear and easier for me to config. So is that possible or some factors just prevent that ?

Thanks again for your time and answers.

viragomann

@chxzqw:

1. Actually I don't understand the 192.168.1.1/24 on LAN1 at Vigor either, which is something left by others. So do you think it is fine if I remove that and only keeps the 5.5.5.1/30 ?

There is no use for the IP 192.168.1.1/24 at Vigor since it's not connected to your LAN. So I think you can remove it. That will be a hangover from a time before there was a dedicated firewall added to the network.

@chxzqw:

2. Just wonder does it have to be same IP between the vigor LAN side and the pfsense WAN gateway side ? Say for example 5.5.5.1/30 in this case. My understanding is they should be in same network but usually it needs 2 different IPs to connect separate ports.

The Vigor is your gateway to the WAN and its IP is 5.5.5.1/30. This have to set up in pfSense as "default gateway" to tell it to route any packets addressed to external IPs to it.

@chxzqw:

3. My initial though is to turn the vigor one into bridge mode and just let the signal on phone line pass through then do PPPoE stuff on pfsense box, which makes the structure more clear and easier for me to config. So is that possible or some factors just prevent that ?

This is the common configuration. If you want to use bridge your ISP has to support this, but I think he wouldn't.

chxzqw

:)Thanks a lot. Really appreciated your comment!