Multiple Public IP address - Use without NAT. (PPPoE multiple WAN blocks)

Started by jrdwiz, May 05, 2024, 06:44:19 PM

Desired Configuration:
Assign a host with one of the /29 public addresses directly without using NAT. Is this at all possible?

My Configuration:

ISP has assigned me a static /30 and /29 block.
ISP uses PPPoE (GPON Fiber from an ISP still living in the DSL era)

WAN Interface
IPv4 Configuration Type: PPPoE

I'm assigned the /32 IP address via PPPoE with the gateway of 10.10.10.15 (I assume this is the PPPoE server address on the ISP end.)

Virtual IPs:
I have configured the /29 block as an IP Alias under the WAN interface.


NAT, 1:1 NAT, and outbound NAT all function correctly using the /29 addresses.

Any help would be appreciated.



Assign the /29 block - one address of that with a /29 netmask - to a different interface. Then connect your servers with the remaining addresses (5 of them) to that network. OPNsense will be the default gateway. No NAT, only firewall rules necessary.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Hi Patrick,

Thanks. That configuration does work.

One issue left - Floating Rules / WAN Rules

The new interface (assigned the /29) ultimately routes out of the WAN (PPPoE) gateway and is therefore impacted by floating rules assigned to the WAN (PPPoE) interface. I don't want the /29 to be impacted by some floating rule (e.g., GEO IP Block).

The only way I can think to fix this is by changing the destination for inbound rules from ANY to DEFINED SUBNET. And in reverse for the outbound rules. Thus excluding the /29 subnet.

Do you agree or have any better ideas?

Thanks
Josh
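
As an added example (not from either poster and not OPNsense code), this Python sketch models the two points in the thread: the address plan for a routed /29 on its own interface, and how scoping a floating block rule's destination changes whether traffic to the /29 matches it. All addresses are constructed documentation ranges, the choice of the first usable address for the firewall is an assumption, and the rule is modelled as a single "quick" inbound block rule.

```python
import ipaddress

# Constructed sample values (documentation ranges), not the poster's real addresses.
ROUTED_BLOCK = ipaddress.ip_network("203.0.113.8/29")    # stand-in for the ISP /29
GEO_BLOCKED = [ipaddress.ip_network("198.51.100.0/24")]  # stand-in for a GeoIP alias
WAN_ADDR = ipaddress.ip_network("192.0.2.1/32")          # stand-in for the PPPoE /32
LAN_NET = ipaddress.ip_network("192.168.1.0/24")         # hypothetical NATed LAN


def address_plan(block):
    """Split a routed block: one usable address for the firewall interface
    (assumed here to be the first), the rest for directly addressed servers."""
    hosts = list(block.hosts())  # excludes network and broadcast addresses
    return {"gateway": hosts[0], "netmask": block.netmask, "servers": hosts[1:]}


def geo_rule_blocks(src, dst, protected=None):
    """Model one quick inbound block rule: source in the GeoIP alias AND
    destination in `protected`. protected=None models destination 'any'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(src in net for net in GEO_BLOCKED):
        return False
    return protected is None or any(dst in net for net in protected)


if __name__ == "__main__":
    plan = address_plan(ROUTED_BLOCK)
    print("firewall interface:", plan["gateway"], plan["netmask"])
    print("servers:", ", ".join(str(h) for h in plan["servers"]))
    server = str(plan["servers"][0])
    scoped = [WAN_ADDR, LAN_NET]  # destinations the geo block still covers
    print("dst any    ->", geo_rule_blocks("198.51.100.7", server))
    print("dst scoped ->", geo_rule_blocks("198.51.100.7", server, scoped))
```

With the destination scoped this way, traffic to the /29 falls through to whatever rules are defined for it, so those hosts depend entirely on their own pass and block rules.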