Using a static IP with Cincinnati Bell Fioptics - Odd condition

  • I'm attempting to set up pfsense to talk directly to the ONT fiber device and bypass my Zyxel VMG4381-B10A entirely.

    I've found a few threads that discuss this in general, but not with respect to pfsense.

    From what I've read on the above 3 threads, it seems that you have to allow your router (pfsense) to fetch a dynamic IP from the ONT device, and THEN you can basically register the static IP address.

    At first I was thinking I need to have 2 interfaces for the same ethernet port, one dynamic, and one static, but that isn't working due to the subnets being different. Next I was thinking I need to do 1:1 NAT maybe, but I'm not sure how I should configure this in pfsense.

    Anyone have any ideas?


  • I believe what your looking for would be a VIP. Virtual IP.

    Go to the firewall tab and its at the bottom.  Try IP Alias first as your situation seems to be the same as mine.

    /32 for single IP.

  • So I have tried that but I'm unable to ping the IP from an external address, or even traceroute to it (ICMP is enabled in firewall rules through that interface).

    This seems like such a unique situation. This is an example of how the existing router (Zyxel) through cincinnati bell basically works: = dynamic = static

    -the ONT is acting only as a L2 bridge
    -the Zyxel grabs via DHCP
    -The Zyxel then sends a GARP request for the IP configured as "private LAN"
    -The Zyxel configures a second IP on its LAN to be the gateway for the private LAN address
    -Upstream, the magician in the sky sets up a route to the private LAN IP gw
    -Static IP works!
    we end up with:
    Zyxel WAN:
    Zyxel LAN1:
    Zyxel LAN2: (gw)
    CPE static: (with .55 bcast and .52net)

    So in essence the dynamic IP is the next "hop" from the static IP (confirmed through a traceroute when using the zyxel modem).

    I feel like I'll eventually need to set up something in routing vs. being able to do NAT 1:1 or an Alias IP, but I'm pretty new at this.

Log in to reply