BGW320 ATT Modem PFSync question.

Started by TheGreatBellend, January 29, 2023, 02:39:54 AM

January 29, 2023, 02:39:54 AM Last Edit: January 29, 2023, 04:24:03 AM by TheGreatBellend
I have an ATT Modem, specifically the BGW320.

To get an external IP address I need to set it to ip-passthrough with a fixed MAC to the WAN port on my r210II that has opnsense on it.

I am working on getting a VM set up on my r740xd with 2 dedicated ports also running opnsense and setting up CARP on it.

Unfortunately this makes it so if I plug in the other device, I can't get passthrough so it can't get a WAN IP address.

Has anyone done this before? Any ideas on how you got it to work?

TheGreatBellend,

Do you need the modem? Sounds like it's normally a router that NATs and you are just bypassing its normal functionality by putting it into bridge mode. Can you connect the ATT circuit directly to your own gear? Or is the modem doing some conversion like coax to Ethernet?

If you can remove the modem, and the circuit is larger than a /30 (255.255.255.252), you can just hook the circuit up to a switch (or even a vSwitch on the R740XD if both opnsense boxes are running inside it) and place the WAN interface of each opnsense box in the same VLAN... and you are done.

If you can't, the only other thing I can think of (and I've never seen this functionality before...) is if the modem can assume two public IP addresses and bridge each IP address to a different opnsense MAC address.

Quote from: WaffleIron on January 29, 2023, 07:05:04 PM
TheGreatBellend,

Do you need the modem? Sounds like it's normally a router that NATs and you are just bypassing its normal functionality by putting it into bridge mode. Can you connect the ATT circuit directly to your own gear? Or is the modem doing some conversion like coax to Ethernet?

If you can remove the modem, and the circuit is larger than a /30 (255.255.255.252), you can just hook the circuit up to a switch (or even a vSwitch on the R740XD if both opnsense boxes are running inside it) and place the WAN interface of each opnsense box in the same VLAN... and you are done.

If you can't, the only other thing I can think of (and I've never seen this functionality before...) is if the modem can assume two public IP addresses and bridge each IP address to a different opnsense MAC address.

Yeah, the ISP requires the modem. I want to use a VM on the R730XD as a backup in CARP for the r210ii running opnsense dedicated.

I'm trying to see if there's a way to do this without an L3 switch between the modem/router and the 2 devices.

February 01, 2023, 07:08:33 PM #3 Last Edit: February 02, 2023, 02:08:20 AM by WaffleIron
You only have 1x internet circuit and 1x modem, right? Both of those are single points of failure, so I assume you want to use CARP simply to have redundancy below the modem. If that's the case I would suggest taking the ATT modem out of bridge mode and just doing a static NAT for all the traffic to opnsense. (See attached for reference.)

Assume your modem WAN IP is 2.2.2.2. Configure the modem so that all traffic destined for 2.2.2.2 is NAT'd (port-forwarded) to the 10.1.1.2 CARP VIP of your opnsense boxes. Make sure to disable any firewall that may exist on the modem and verify you can't access the modem's web interface over the internet so it doesn't get hacked.

Not sure if this satisfies exactly what you are trying to accomplish, but it would work.