Netgate Discussion Forum

    Gateway address is a part of the subnet

      Heimire

      We are changing data centers and the new data center gave us a new set of IPs.

      The new set includes the gateway in the IP setup like this:

      WAN IPv4:              x.xx.227.0/25 -
      Peer IP (IPv4):        x.xx.227.2/25 – CARP IP address - we are using 2 pfSense boxes.  IP for each box will be x.xx.227.3 and .4
      ISP Peer IP (IPv4): x.xx.227.1/25 – gateway they gave us.

      We will 1-1 NAT a bunch of IPs to the CARP address.

      Never had IP addresses with the gateway as a part of it before.

      Anyone see any scenario where this does not work or might cause a problem?

        Harvy66

        In some cases, the gateway is not part of the subnet, but this is not a correct setup. In theory, you can only communicate with IPs in your subnet and you use the gateway to communicate outside your subnet. If your gateway is not part of your subnet, how would you communicate with it?

        My understanding. Practice may be a bit different. Hopefully someone with more practical knowledge can pipe up.

          Heimire

          Maybe I didn't explain this well.

          This is the WAN setup.
          These are WAN IP addresses.

          I am used to a setup like this example:
          WAN gateway: 66.150.139.65 - this is the device on the ISP side.
          My firewall: 66.150.139.66 - this is the first IP in the subnet.

          The .65 does not belong to my subnet and it does not exist on my side.

          In the new IP set, the WAN gateway is an IP on my subnet.

            Derelict LAYER 8 Netgate

            In my humble opinion, the datacenter should give you a /29 for your wan and route the /25 to an IP address on that /29 that you specify (your CARP IP).

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

              Heimire

              > In my humble opinion, the datacenter should give you a /29 for your wan and route the /25 to an IP address on that /29 that you specify (your CARP IP).

              They gave us a /30 at first.
              Explained our setup then we got back what I listed above.

              I thought they would come back with the /25 and wan gateway outside the /25 but they did not.

                Derelict LAYER 8 Netgate

                Tell them what you want.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)
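
The two layouts discussed in this thread (gateway on-link inside the /25, versus a /29 transit with the /25 routed to the CARP IP) can be compared with a short check. This is an added example, not code from any poster; `check_wan_plan` is a hypothetical helper, and the 203.0.113.0/25 and 198.51.100.0/29 documentation prefixes are constructed stand-ins for the redacted addresses.

```python
import ipaddress

def check_wan_plan(wan_cidr, gateway, carp_vip, node_ips, routed_cidr=None):
    """Validate a two-node CARP WAN plan.

    Returns (problems, nat_pool): a list of problem strings and the number
    of addresses left over for 1:1 NAT. All names here are hypothetical.
    """
    wan = ipaddress.ip_network(wan_cidr)
    roles = {"gateway": ipaddress.ip_address(gateway),
             "carp_vip": ipaddress.ip_address(carp_vip)}
    for i, ip in enumerate(node_ips, 1):
        roles[f"node{i}"] = ipaddress.ip_address(ip)

    problems = []
    for name, addr in roles.items():
        if addr not in wan:
            # An off-link next hop cannot be resolved by ARP on the WAN segment.
            problems.append(f"{name} {addr} is not on-link in {wan}")
        elif addr in (wan.network_address, wan.broadcast_address):
            problems.append(f"{name} {addr} is the network or broadcast address")
    if len(set(roles.values())) != len(roles):
        problems.append("two roles share one address")

    used = set(roles.values())
    if routed_cidr is None:
        # Gateway-in-subnet layout: NAT addresses come out of the WAN subnet,
        # minus the gateway, the CARP VIP and the per-node addresses.
        nat_pool = sum(1 for host in wan.hosts() if host not in used)
    else:
        # Transit + routed layout: the routed block is not configured on any
        # interface, so the ISP forwards all of it to the CARP VIP.
        routed = ipaddress.ip_network(routed_cidr)
        if routed.overlaps(wan):
            problems.append(f"routed block {routed} overlaps transit {wan}")
        nat_pool = routed.num_addresses
    return problems, nat_pool

if __name__ == "__main__":
    # Constructed sample plans using documentation prefixes.
    on_link = check_wan_plan("203.0.113.0/25", "203.0.113.1",
                             "203.0.113.2", ["203.0.113.3", "203.0.113.4"])
    routed = check_wan_plan("198.51.100.0/29", "198.51.100.1",
                            "198.51.100.2", ["198.51.100.3", "198.51.100.4"],
                            routed_cidr="203.0.113.0/25")
    print("gateway inside /25:", on_link)
    print("/29 transit + routed /25:", routed)
```

Both layouts pass the on-link check; the difference is that the in-subnet layout spends four addresses of the /25 on the gateway, CARP VIP and nodes, while the routed layout leaves the whole /25 free.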

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.