Netgate Discussion Forum

    Block of 16 IP address from ISP. Need help in setting up.

    Routing and Multi WAN
    7 Posts 2 Posters 2.1k Views
    • rizwan602

      Hello,

      This is the first time I am setting up a pfSense router like this:

      I ordered a block of 16 public IP addresses from our ISP. This is the information they gave me. NOTE: the IP addresses have been altered for this example.

      How can I set up the pfSense router with these addresses properly? I have only done work with NAT, never with routing between two IPv4 networks. The ISP said I would need a 'business router' like a Cisco Systems one (not a Linksys-type router). I would like to use a pfSense router. I do not need NAT on a port, but it would be nice if I could. But I just need this to work as soon as possible.

      I have tried to configure the WAN port with the WAN IP (71.165.180.199) and the LAN subnet with the CIDR range (below) and disabled NAT in pfSense. I can get outbound traffic but I can't get to ping or see open ports on any addresses in the CIDR range.

      Info:

      (WAN info)

      Static IP:
      71.165.180.199

      Gateway: 71.165.180.193
      Netmask: 255.255.255.240
      Primary Name server: 4.2.2.1
      Secondary Name server: 4.2.2.2

      (CIDR info)

      Subnet 180.185.160.208/28
      NetMask 255.255.255.240
      Number of hosts 13
      Suggested Default Gateway 180.185.160.209
      First Useable 180.185.160.210
      Last Useable 180.185.160.222
      Broadcast 180.185.160.223

      • Derelict LAYER 8 Netgate

        Even with NAT disabled you will still need firewall rules on WAN passing traffic from outside with a destination of the CIDR.

        If you want it wide open use something like:

        Pass ip source any dest LAN net

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
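
Added example (not part of the original thread and not pfSense code): a small Python model of the point made in this answer, that with NAT disabled the WAN still drops inbound traffic to the routed /28 unless a pass rule names it as the destination. The rule tuples, function names and the test host 180.185.160.210 are assumptions for illustration, and WAN rule handling is simplified to first-match pass rules with a default deny.

```python
import ipaddress

# Addresses as given in the original post (the poster notes they were altered).
WAN_IP = ipaddress.ip_interface("71.165.180.199/255.255.255.240")
WAN_GW = ipaddress.ip_address("71.165.180.193")
LAN_NET = ipaddress.ip_network("180.185.160.208/28")   # routed block, "LAN net"

def plan_problems():
    """Sanity-check the ISP hand-off; returns a list of problems found."""
    problems = []
    if WAN_GW not in WAN_IP.network:
        problems.append("gateway is outside the WAN subnet")
    if WAN_IP.network.overlaps(LAN_NET):
        problems.append("routed block overlaps the WAN subnet")
    return problems

# A rule is (protocol, destination network, destination port); None = any port.
WIDE_OPEN = [("any", LAN_NET, None)]        # "Pass ip source any dest LAN net"
PING_ONLY = [("icmp", LAN_NET, None)]       # passes echo requests, nothing else
SCOPED = [("icmp", LAN_NET, None),          # hypothetical tighter rule set
          ("tcp", ipaddress.ip_network("180.185.160.210/32"), 80)]

def wan_verdict(rules, proto, dst, dport=None):
    """First matching pass rule wins; anything unmatched hits the default deny."""
    dst = ipaddress.ip_address(dst)
    for r_proto, r_net, r_port in rules:
        if r_proto not in ("any", proto):
            continue
        if dst not in r_net:
            continue
        if r_port is not None and r_port != dport:
            continue
        return "pass"
    return "block"

if __name__ == "__main__":
    print("plan problems:", plan_problems() or "none")
    host = "180.185.160.210"   # hypothetical test host inside the routed block
    for name, rules in (("no rules", []), ("wide open", WIDE_OPEN),
                        ("ping only", PING_ONLY), ("scoped", SCOPED)):
        print(f"{name:10} icmp={wan_verdict(rules, 'icmp', host)} "
              f"tcp/80={wan_verdict(rules, 'tcp', host, 80)} "
              f"tcp/22={wan_verdict(rules, 'tcp', host, 22)}")
```

The scoped rule set shows the same destination-based matching with exposure limited to ping and one web port instead of every port on all 16 addresses.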

        • rizwan602

          I have tried that rule already and it didn't work. I see in the firewall logs that if I try to ping any of the CIDR addresses, the firewall blocks it. So I created an easy rule to allow the pings to come through. The firewall no longer reports that the pings are being blocked, but there is no reply. I also tried opening all ports as you suggested but no response. I have a MikroTik router on one of those CIDR addresses. It works great for outbound traffic but I can't ping it or access its web interface. I'm not sure where the traffic is going to.

          @Derelict:

          Even with NAT disabled you will still need firewall rules on WAN passing traffic from outside with a destination of the CIDR.

          If you want it wide open use something like:

          Pass ip source any dest LAN net

          • Derelict LAYER 8 Netgate

            You'll need to post interface configs and firewall rules. There's really not much to it.

            Are you sure the WAN rules on the MikroTik aren't preventing ping/access?

            • rizwan602

              As a last resort I reset the MikroTik router to its factory defaults and re-configured it. It started to respond to ICMP / ping requests.

              It is also connecting properly to the outside world. Earlier, from within its menu, it could not ping or traceroute to anywhere. Now it is able to do it.

              One thing though, the MikroTik has a web interface on port 80. I still cannot get to it from the outside world. I looked in the pfSense logs but I see no signs of traffic coming in (either being passed or blocked). I have set the option "Log packets that are handled by this rule" for both the WAN and LAN interfaces for all the rules that are there. I'll do more research on this but if you have any ideas please let me know. Thank you all!

              @Derelict:

              You'll need to post interface configs and firewall rules. There's really not much to it.

              Are you sure the WAN rules on the MikroTik aren't preventing ping/access?

              • Derelict LAYER 8 Netgate

                My idea is that the MikroTik responds on port 80 from LAN but not from WAN unless you explicitly tell it to do so. Just a guess.

                • rizwan602

                  MikroTik routers by default allow connections from the WAN side as far as I know. I have other MikroTiks deployed out there and they all respond to web page requests with no configuration necessary to make them do so.

                  @Derelict:

                  My idea is that the MikroTik responds on port 80 from LAN but not from WAN unless you explicitly tell it to do so. Just a guess.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.