Block of 16 IP address from ISP. Need help in setting up.
-
Hello,
This is the first time I am setting up a pfSense router like this:
I ordered a block of 16 public IP addresses from our ISP. This is the information they gave me. NOTE the IP addresses have been altered for example.
How can I set up the pfSense router with these addresses properly? I have only done work with NAT. Never with routing between two IPv4 networks. The ISP said I would need a 'business router' like a Cisco systems (not a Linksys type router). I would like to use pfSense router. I do not need NAT on a port, but it would be nice if I could. But I just need this to work as soon as possible.
I have tried to conigure the WAN port with the WAN ip (71.165.180.199) and the lan subnet with the CIDR range (below) and disabled NAT in pfSense. I can get outbound traffic but I can't get to ping or see open ports on any addresses in the CIDR range.
Info:
(WAN info)
Static IP:
71.165.180.199Gateway: 71.165.180.193
Netmask: 255.255.255.240
Primary Name server: 4.2.2.1
Secondary Name server: 4.2.2.2(CIDR info)
Subnet 180.185.160.208/28
NetMask 255.255.255.240
Number of hosts 13
Suggested Default Gateway 180.185.160.209
First Useable 180.185.160.210
Last Useable 180.185.160.222
Broadcast 180.185.160.223 -
Even with NAT disabled you will still need firewall rules on WAN passing traffic from outside with a destination of the CIDR.
If you want it wide open use something like:
Pass ip source any dest LAN net
-
I have tried that rule already and it didn't work. I see in the firewall logs that if I try to ping any of the CIDR addresses, the firewall blocks it. So I created an easy rule to allow the pings to come through. The firewall no longer reports that the pings are being blocked, but there is no reply. I also tried opening all ports as you suggested but no response. I have a MikroTik router on one of those CIDR addresses. It works great for outbound traffic but I can't ping it or access its web interface. I'm not sure where the traffic is going to.
Even with NAT disabled you will still need firewall rules on WAN passing traffic from outside with a destination of the CIDR.
If you want it wide open use something like:
Pass ip source any dest LAN net
-
You'll need to post interface configs and firewall rules. There's really not much to it.
Are you sure the WAN rules on the microtik aren't preventing ping/access?
-
As a last resort I reset the MikroTik router to its factory defaults and re-configured it. It started to respond to ICMP / ping requests.
It is also connecting properly to the outside world. Earlier, from within its menu, it could not ping or traceroute to anywhere. Now it is able to do it.
One thing though, the MikroTik has a web interface on port 80. I still cannot get to it from the outside world. I looked in the pfSense logs but I see no signs of traffic coming in (either being passed or blocked). I have set the option "Log packets that are handled by this rule" for both the WAN and LAN interfaces for all the rules that are there. I'll do more research on this but if you have any ideas please let me know. Thank you all!
You'll need to post interface configs and firewall rules. There's really not much to it.
Are you sure the WAN rules on the microtik aren't preventing ping/access?
-
My idea is that the microtik responds on port 80 from LAN but not from WAN unless you explicitly tell it to do so. Just a guess.
-
MikroTik routers by default allow connections from the WAN side as far as I know. I have other MikroTiks deployed out there and they all respond to web page requests with no configuration necessary to make them do so.
My idea is that the microtik responds on port 80 from LAN but not from WAN unless you explicitly tell it to do so. Just a guess.
