Desired Configuration:
Assign a host with one of the /29 public addresses directly without using NAT. Is this at all possible?
My Configuration:
ISP has assigned me a static /30 and /29 block.
ISP uses PPPoE (GPON Fiber from an ISP still living in the DSL era)
WAN Interface
iPv4 Configuration Type: PPPoE
I'm assigned the /32 ip address via PPPoE with the gateway of 10.10.10.15 (I assume this is the PPPoE server address on the ISP end.)
Virtual IPs:
I have configured the /29 block as an IP Alias under the WAN interface.
NAT, 1:1 NAT, and outbound NAT all function correctly using the /29 addresses.
Any help would be appreciated.
Assign the /29 block - one address of that with a /29 netmask - to a different interface. Then connect your servers with the remaining addresses (5 of them) to that network. OPNsense will be the default gateway. No NAT, only firewall rules necessary.
Hi Patrick,
Thanks. That configuration does work.
One issue left - Floating Rules / WAN Rules
The new interface, (assigned the /29), ultimately routes out of the WAN(PPPoE) gateway and is therefor impacted by floating rules assigned to the WAN(PPPoE) interface. I don't want the /29 to be impacted by some floating rule (e.g., GEO IP Block).
The only way I can think to fix this is by changing the destination for inbound rules from ANY to DEFINED SUBNET. And in reverse for the outbound rules. Thus excluding the /29 subnet.
Do you agree or have any better ideas?
Thanks
Josh