AT&T Fiber Interface Assignments?

Started by StarsAndBars, April 25, 2024, 06:54:55 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 25, 2024, 06:54:55 PM
Greetings All!

I have AT&T Residential Fiber and I purchased a pack of static IPs and have those addresses as given to me.

I have OPNSense running on a generic white-box Xeon system that has several copper ports and 2 10gig SFP+ ports. Right now I have the incoming fiber directly connected to the OPNSense firewall through a custom SFP module from FS that can act as XGS-PON, so I no longer need the AT&T 320 gateway and it is completely disconnected and out of the loop here.

My question is how I leverage the static IPs I want to use. I have to set the OPNSense to DHCP on the WAN side to get a connection, and the IP address assigned via DHCP is NOT in the block of static IPs that I have.

Do I just create additional interfaces on the copper ports and assign the static IPs to each of them? If that is the case, does anyone have details on how to achieve this? If there is a write-up or a tutorial somewhere that addresses this, please point me to it.

Thanks!
April 26, 2024, 01:45:27 AM #1
Depends on what you want to do with these addresses. If you want to use them for ...
... (S)NAT, simply add them to the WAN interface as virtual IPs.
... services running on OPNsense itself, adding them to additional loopback interfaces generally is a good idea.
... hosts in your network, you can configure an OPNsense LAN interface with the public subnet, just like you would with private addresses.

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
April 29, 2024, 01:55:06 AM #2
Thank you, and could you please point me to the documentation on how to achieve this?

I have several unused copper ports on my hardware, and I would just like to add each of the static IPs from my block assigned to me to each one of those copper ports.

I appreciate the pointers, and I am eager to learn more. Thanks again!
April 30, 2024, 01:15:33 AM #3
Are there multiple devices connected to each of those ports and you want to use the static IPs for outbound NAT?
Or is there just one device connected to each of those ports and you want to assign a unique public IP to each device?
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
April 30, 2024, 05:09:54 PM #4
I was looking to assign a static IP directly to each of the available copper ports.

Then, I would most likely use a different firewall or router device in each of those ports. At the moment, I can't think of any single, stand-alone device that I would assign a static IP to, other than the aforementioned firewall/router.
April 30, 2024, 05:12:56 PM #5
You cannot assign a single IP to "a port". The IP musst be directly configured or otherwise routed to the device connected to that port, supposedly to provide some service reachable at that IP address.

So what are these devices and their respective services like?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
May 01, 2024, 06:48:16 PM #6
What Patrick says.

The straight forward approach is connecting one spare OPNsense port and all of the downstream routers' WAN ports to a switch. You can then statically configure your public subnet on that OPNsense interface and on your downstream routers' WAN interfaces (each with their own public address). The downside is that three IP addresses will be "wasted" (network, gateway and broadcast address).

If you don't want to use a separate switch, you can bridge multiple ports in OPNsense.
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).
Print
Go Up Pages1
User actions