Routing /24 public subnet to smaller subnets
- 
 google subnetting. You'll need to know this. 
- 
 
- 
 I have, but when i try to use a subnet calculator for example http://www.subnet-calculator.com/subnet.php?net_class=C this site I just dont understand how i keep going after the first one 100.100.100.0/24 is assigned to me 
 i need to make the first subnet of
 100.100.100.1/29IP Address: 100.100.100.1 
 Netmask: 255.255.255.240
 CIDR Notation: /28
 Network Address: 100.100.100.0
 Usable Host Range: 100.100.100.1 - 100.100.100.14
 Broadcast Address: 100.100.100.15
 Total number of hosts: 16
 Number of usable hosts: 14when i create the next interface i just use .16 next correct? and then make a cidr from that IP? 
- 
 doesn't matter what you pick, you don't have to think about it …. that calculator will correct it anyways. btw you say you need a /29 yet your calculator is set to a /28 (thats double the address') 
- 
 subnetID-100.100.100.0/29 = iprange: 100.100.100.1-100.100.100.6 subnetID-100.100.100.8/29 = iprange: 100.100.100.9-100.100.100.14 subnetID-100.100.100.16/29 = iprange: 100.100.100.17-100.100.100.22 …... 
- 
 Yes. You are going to need to understand subnetting to do this job. It's not complicated but it's also easy to screw it up. Network address 
 Some number of host addresses
 Broadcast address
 Network address
 Some number of host addresses
 Broadcast address
- 
 Okay so i am trying to create a lab test before i put this into production. Here is what i have done so far. 
 I have 1 pfsense router with 2 NIC's ( same setup as my production )
 1wan 1lan
 wan has static address 10.0.0.49/24 ( was the next ip i had open on my lab router )
 lan has default pfsense 192.168.1.1i have disabled packet filtering 
 enabled bypass firewall rules for traffic on the same interface.
 –---------
 i have a VM on the local "lan"
 host needs to have a 10.0.0.x address with 1 usable IP.
 so going off of how to subnet
 i would need 10.0.0.52/30
 Network Address: 10.0.0.52
 Usable Host Range: 10.0.0.53 - 10.0.0.54
 Broadcast Address: 10.0.0.55
 Netmask: 255.255.255.252from what everyone is saying i would need the 10.0.0.53 to be the interface IP and the .54 would be for the host. I understand this part, now what steps do i need to take to make this work in my lab? 
- 
 Okay so i am trying to create a lab test before i put this into production. Here is what i have done so far. 
 I have 1 pfsense router with 2 NIC's ( same setup as my production )
 1wan 1lan
 wan has static address 10.0.0.49/24 ( was the next ip i had open on my lab router )
 lan has default pfsense 192.168.1.1i have disabled packet filtering Why? enabled bypass firewall rules for traffic on the same interface. Why? –--------- 
 i have a VM on the local "lan"
 host needs to have a 10.0.0.x address with 1 usable IP.
 so going off of how to subnet
 i would need 10.0.0.52/30
 Network Address: 10.0.0.52
 Usable Host Range: 10.0.0.53 - 10.0.0.54
 Broadcast Address: 10.0.0.55
 Netmask: 255.255.255.252from what everyone is saying i would need the 10.0.0.53 to be the interface IP and the .54 would be for the host. I understand this part, now what steps do i need to take to make this work in my lab? No. The routed subnet needs to be OUTSIDE of the interface subnet. What part of "you will need to understand subnetting to do this job" is unclear? 
- 
 I dont PF sense to do any firewall or SPI/DPI is it only for routing the subnets and creating vlans for privacy. What settings do i need to enable/disable for that to work? 
- 
 What settings do i need to enable/disable for that to work? nothing. 
 you need a /30 on your WAN
 and you can then just add your routed subnet spread out over your other vlans, trunked on your LAN interface
- 
 Okay. I understand. I just wish i could get this to work in the lab before i just pull my uplink and start doing this 100% ( not that i think you are wrong ) Do you know of a way to do this in a lab? i have a lab router on a 100/20 connection dhcp is enabled and the router ip is 10.0.0.1 2-254 is dhcp. 
- 
 Yes. Assign a /30 to the WAN, route a /24 to it, and dole out smaller subnets from a /24 on your various LAN interfaces/VLANs/whatever. 
