Single WAN multiple Public IP's through LAN interface

  • Hi,

    I'm trying to figure out how to achieve this setup, I'm kind of new to this level of networking, I'm a software developer by trade!

    I have multiple IP's from my ISP, they have installed a Modem and given me the following details:

    External IP:
    Network IP:

    At the moment i have configured a PFsense WAN that sits on: to get us online, this goes directly into a Modem to an EFM line.

    I need to setup a multiple "tenancy" network, so that I can issue out public IP's to users to put into their routers (not all PFsense) (i.e give out IPs from the range.)

    I've drawn a Diagram of what i want to achieve, I've seen it done before but never setup a system like it from scratch.

    How would I configure the "edge" router? it's not to do any filtering or anything, the management is so that i can change any settings i need to by hooking up a cable directly to the box.

    Hope someone can help or point me in the right direction.



  • Hi.

    If you want to issue internal IPs to those 3 routers you can do 1:1 NAT and assign a public IP to an internal IP. Most of the time that gets the job done.

    But if you have a specific case where you NEED to give the routers public IPs, you need something called transparent bridging.

    Take a look at this guide here and see if it works for you: Firewall-Filtering Bridge - pfSense 2.0.2 By William Tarrh.pdf

    Do you really need to have public IP addresses on those 3 router WAN interfaces tho ? I see most of the time 1:1 NAT works for everything I have done.

  • Thanks for your response.

    Yep i do really need to have Public IP's, They are for tenants who will be using their own routers with firewall rules etc for their office . I've setup 1:1 NAT before however it's not ideal for these requirements.
    I will have go at bridged setup, it's something I've not considered before.

    I assume the IP i setup on the "LAN" interface is and this would become the gateway IP for the routers?

  • Why not just use the /30 as the WAN and .57/29 as the LAN on your edge box? Then check the box under advanced to disable the firewall and NAT. Have the tenants use 58-62/29 and have them point to the edge LAN (.57) I f you need a separate private management IP, use an OPT interface. (or just manage via the LAN ip)