Single WAN multiple Public IPs through LAN interface



  • Hi,

    I'm trying to figure out how to achieve this setup, I'm kind of new to this level of networking, I'm a software developer by trade!

    I have multiple IPs from my ISP. They have installed a modem and given me the following details:

    Gateway: xxx.xxx.13.2/3
    External IP: xxx.xxx.13.2/31
    Network IP:  xxx.xxx.48.56/29

    At the moment I have configured a pfSense WAN that sits on: xxx.xxx.13.2/30 to get us online; this goes directly into a modem to an EFM line.

    I need to set up a multiple "tenancy" network, so that I can issue out public IPs to users to put into their routers (not all pfSense) (i.e. give out IPs from the xxx.xxx.48.56/29 range).

    I've drawn a diagram of what I want to achieve. I've seen it done before but never set up a system like it from scratch.

    How would I configure the "edge" router? It's not to do any filtering or anything; the management is so that I can change any settings I need to by hooking up a cable directly to the box.

    Hope someone can help or point me in the right direction.

    Thanks

    Jimmy




  • Hi.

    If you want to issue internal IPs to those 3 routers you can do 1:1 NAT and assign a public IP to an internal IP. Most of the time that gets the job done.

    But if you have a specific case where you NEED to give the routers public IPs, you need something called transparent bridging.

    Take a look at this guide here and see if it works for you: http://people.pharmacy.purdue.edu/~tarrh/Transparent Firewall-Filtering Bridge - pfSense 2.0.2 By William Tarrh.pdf

    Do you really need to have public IP addresses on those 3 router WAN interfaces, though? I see most of the time 1:1 NAT works for everything I have done.



  • Thanks for your response.

    Yep, I do really need to have public IPs; they are for tenants who will be using their own routers with firewall rules etc. for their office. I've set up 1:1 NAT before, however it's not ideal for these requirements.
    I will have a go at a bridged setup; it's something I've not considered before.

    I assume the IP I set up on the "LAN" interface is xxx.xxx.48.56 and this would become the gateway IP for the routers?



  • Why not just use the /30 as the WAN and .57/29 as the LAN on your edge box? Then check the box under advanced to disable the firewall and NAT. Have the tenants use 58-62/29 and have them point to the edge LAN (.57). If you need a separate private management IP, use an OPT interface. (Or just manage via the LAN IP.)
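
The routed layout from the last reply, worked through as an added example (not code posted by anyone in the thread): it derives the usable addresses of the /29 and checks a tenant router's WAN settings against them. The block 198.51.100.56/29 is a constructed documentation-range stand-in for the masked xxx.xxx.48.56/29, and the function names are hypothetical. It also shows why .57, not .56, ends up as the tenants' gateway: .56 is the network address of the /29.

```python
import ipaddress

# Constructed sample: 198.51.100.56/29 (documentation range) stands in for
# the thread's masked xxx.xxx.48.56/29 block; .57 is the edge LAN address.
BLOCK = "198.51.100.56/29"
EDGE_LAN = "198.51.100.57"

def plan_routed_block(block, edge_lan):
    """Return (edge LAN address, addresses left over for tenant routers)."""
    net = ipaddress.ip_network(block)
    edge = ipaddress.ip_address(edge_lan)
    usable = list(net.hosts())  # drops the network and broadcast addresses
    if edge not in usable:
        raise ValueError(f"{edge} is not a usable host address in {net}")
    return edge, [h for h in usable if h != edge]

def check_tenant(block, edge_lan, wan_cidr, gateway, taken=()):
    """Return a list of problems with one tenant router's WAN settings."""
    net = ipaddress.ip_network(block)
    edge, free = plan_routed_block(block, edge_lan)
    iface = ipaddress.ip_interface(wan_cidr)
    problems = []
    if iface.network != net:
        problems.append(f"{wan_cidr}: network {iface.network} is not {net}")
    elif iface.ip not in free:
        problems.append(f"{iface.ip}: network, broadcast or edge address")
    if iface.ip in {ipaddress.ip_address(t) for t in taken}:
        problems.append(f"{iface.ip}: already assigned to another tenant")
    if ipaddress.ip_address(gateway) != edge:
        problems.append(f"gateway {gateway} should be the edge LAN {edge}")
    return problems

if __name__ == "__main__":
    edge, free = plan_routed_block(BLOCK, EDGE_LAN)
    print("edge LAN:", edge, "tenant addresses:", [str(a) for a in free])
    # Constructed tenant settings: one correct, two with common mistakes.
    for wan, gw in [("198.51.100.58/29", "198.51.100.57"),
                    ("198.51.100.56/29", "198.51.100.57"),
                    ("198.51.100.59/29", "198.51.100.56")]:
        print(wan, "via", gw, "->", check_tenant(BLOCK, EDGE_LAN, wan, gw) or "ok")
```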