• Guys,

    I have had a single public IP for the longest time and now need some static addresses, so I picked up a single /29 block from AT&T.

    First off I have pfSense connected directly to my fiber terminal (bypassing the AT&T NVG589 gateway).  Doing this is simple and I wont describe the steps to do so here.  Basically, the pfSense router is spoofing the MAC address of the NVG589 gateway and I statically assign the originally assigned DHCP address as a static to the WAN interface.  This is working well and no problems…

    Here are my addresses...

    WAN - 162.229.xxx.xxx/22 (Technically assigned via DHCP, but its always the same from AT&T and doesn't change for Gigapower customers)  This is whats currently assigned to the pfSense WAN interface.

    NEW Static Addresses: 23.116.xxx.0/29 through 23.116.xxx.7/29, Usable IP Range: 23.116.xxx**.1-.5**/29, Gateway: 23.116.xxx.6/29, Broadcast: 23.116.xxx.7/29

    I am here seeking advice as to how to get machines on the LAN side of my pfSense network to be statically assigned one from the new range (.1 - .5)?  I am hoping to leave the WAN interface as is and just allow traffic from machines within the new static IP range.  Or can someone tell me more about what I maybe overlooking!

    Thanks for your help in advance!!


  • Not sure what you're asking here. Are you asking how to NAT your external addresses (.1-.5) to machines in your LAN? Or whether you want to route traffic out from specific LAN devices through specific external IPs? Or, whether you just want to assign external IPs to devices which were formerly on your LAN?

    I'm going to take a guess and assume it's the first one. To map external IPs to your internal machines, you create a virtual IP bound to your WAN address for each of the external addresses you'll be using. You next create a port forward using each VIP to point to the internal IP of the corresponding machine on the LAN. This video should help explain how to create a port forward:

    Youtube Video

    There's also the official explanation here:


  • @icemanncsu:

    … spoofing the MAC address ... and I statically assign the originally assigned DHCP address as a static to the WAN interface.

    Why that?
    If you already spoof the MAC then it should pull the same IP from DHCP server.
    Remember to K.I.S.S.!