PPOE DSL connection with 8 fix IPs (no routed subnet)



  • I'm running pfsense since years on DSL using a routed subnet and this is just working perfectly. However i had to change the provider and my new provider assigned me 8 IPs (not a routed subnet) but i'm struggling to get a working configuration.

    I configured pfsense to handle to PPOE login and i'm getting the following address on the pfsense interface.

    IP: xxx.yyy.28.153/32

    According to my ISP they assigned me the net  xxx.yyy.28.152/29 which means i should be able to assign the IPs xxx.yyy.28.154-xxx.yyy.28.158 to my PPOE interface. I did try this with ARPproxy VIP and a 1:1 NAT to a system in my DMZ but i can't get to the DMZ server from the outside world.
    On the internal Network this work fine.
    I'm struggling to understand how my IPs can be reached from the PPOE connection (/32) and I would be extremely glad if someone could give a hint  ::) here.



  • Found this here

    ….you would have a static that is assigned to
    the wan of your router using ipip, and the /29 is routed to that
    address(think - ip route $subnet 255.255.255.248 $static). When that subnet
    hits your router you can do pretty much anything you want to with it. We
    usually suggest that customers assign the first usable to the lan of their
    router (usually ala linksys variety) and make sure that nat(or gateway mode)
    is turned off. They would set up their internal host using an ip out of the
    subnet with the router internal as their gateway. Some customers even add a
    second router for NATing (if you are using lo end soho routers that may be
    your only option). ......

    I'll try this ans see how it goes.



  • .. got a bit closer to the issue I believe. :-
    I found this article here http://alexbleicker.blogspot.ch/2013/12/how-to-use-pfsense-with-bt-infinity.html where the suggestion is to instead setting the VIP on the PPOE device, create the VIP on the localhost.



  • Problem is fixed: My ISP had an issue on the routing on his site. This is the working setup

    DSL line –> DSLmodem/router configured as bridge --> <pfsense>WAN interface configured as PPOE getting the 28.153/32--> VIP 28.154/29...128.155/29 and so on created on the localhost interface. NAT to forward the /29 IPs to the systems in the DMZ.
       </pfsense>