Netgate Discussion Forum

    Shared WAN

      seniorf

      Hello,

      A question from a pfSense newb to the pfSense pros out there. A client wants to share their fast fibre line with their sub-tenants. I'd really like to provide them with a routable public IP which they can use in their own router/firewall.

      Can pfSense be configured in a Transparent IP mode (Layer 3) so that a single WAN connection can be shared out, providing them a routable public IP?

      If this is possible, can I then use pfSense's traffic shaper to provide a Guaranteed Minimum bandwidth?

      Thank you

      Max

        chadc01e

        If they obtain a range of public-facing IPs from the ISP, yes, you can do exactly that (ISPs usually charge for a block of public IPs to use).

        Then you could in theory add the extra public IPs to the "Virtual IPs" section of pfSense, and then create 1:1 NAT routes and firewall rules to each tenant's router to break the IP down into the more common 192.168 or 10.10 style subnetworks.

        This would be of benefit if the tenants need to do anything that would require communication back into their private networks (running servers, remote desktop access, etc.).

        You could technically also keep everything in a local network setting using a managed switch that supports VLANs.

        Ex:

        Public IPs > pfSense with 1:1 NAT + Routes > Switch > Tenant Routers > Tenant Computers (*More Complex)

        OR

        Single Public IP > pfSense with VLANs > Switch w/ VLANs > Tenant Routers > Tenant Computers (*Less Complex)

        My knowledge is by far basic on this, but either way is doable, and it depends on one factor: do the tenants need to run a server, or do they *need a static IP that's public-facing? Because if not, just get a decent multiport managed switch and do VLANs to isolate each tenant while still sharing the single public IP the landlord is already assigned from the ISP.

        As for traffic shaping, yes, across the board… You can use Traffic Shaper to create limits that are applied via firewall rules to throttle clients as much or as little as you would like.

        One last word of caution: have the client make REAL sure that his ISP contracts allow him to sublease the connection to other parties, paid or not... Some can be a real stickler about what you do with the connection you pay for (it's lame, but it happens...).

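The layout discussed in this thread (one public IP per tenant via 1:1 NAT, one VLAN per tenant, a guaranteed minimum per tenant) can be sanity-checked on paper before anything is configured. The following is an added planning sketch, not from either poster and not pfSense configuration syntax; the address block, tenant names, VLAN numbering, /30 transit subnets and the `reserved` count are all assumptions.

```python
import ipaddress

def plan_tenants(public_block, tenants, line_mbps, reserved=2,
                 first_vlan=100, transit_pool="10.10.0.0/16"):
    """Assign each tenant a VLAN, a /30 transit subnet and one public IP
    for 1:1 NAT. tenants is a list of (name, guaranteed_min_mbps)."""
    usable = list(ipaddress.ip_network(public_block).hosts())
    # Assumption: the first `reserved` addresses are the ISP gateway and
    # the firewall's own WAN address, so tenants never receive them.
    spare = usable[reserved:]
    if len(tenants) > len(spare):
        raise ValueError("not enough public IPs for one 1:1 NAT per tenant")
    # Guaranteed minimums are only honest if they fit inside the line rate.
    if sum(mbps for _, mbps in tenants) > line_mbps:
        raise ValueError("guaranteed minimums exceed the line rate")
    transit = ipaddress.ip_network(transit_pool).subnets(new_prefix=30)
    plan = []
    for n, ((name, mbps), public_ip, net) in enumerate(zip(tenants, spare, transit)):
        firewall_ip, router_ip = net.hosts()  # a /30 has exactly two hosts
        plan.append({"tenant": name, "vlan": first_vlan + n, "subnet": net,
                     "firewall_ip": firewall_ip, "router_ip": router_ip,
                     "public_ip": public_ip, "min_mbps": mbps})
    return plan

def isolation_rules(plan):
    """Ordered (action, source, destination) tuples per tenant VLAN:
    block every other tenant's subnet first, then allow the rest."""
    rules = []
    for me in plan:
        for other in plan:
            if other is not me:
                rules.append(("block", str(me["subnet"]), str(other["subnet"])))
        rules.append(("pass", str(me["subnet"]), "any"))
    return rules

if __name__ == "__main__":
    # Constructed sample: documentation address block, made-up tenants.
    demo = plan_tenants("203.0.113.0/29",
                        [("tenant-a", 200), ("tenant-b", 300)], 1000)
    for row in demo:
        print(row)
    for rule in isolation_rules(demo):
        print(rule)
```

The block rules come before the pass rule on purpose: with a single "pass to any" rule on a tenant VLAN, the firewall would also route that tenant into its neighbours' subnets.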
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.