Public IP address to VLAN and vice versa

Started by haplo_, July 30, 2022, 04:55:12 PM

Hi,

I'm new to OPNsense, not new to general networking, but haven't dived deep into it until now :)

I'm the co-administrator of internet and networking in an apartment block with 23 apartments.

We've just gotten fiber installed and the ISP is delivering a block of IP-addresses xx.xx.xx.xx/27

We've set up a mini-PC with OPNsense to be the edge router; behind it we have an HP layer 2 VLAN-capable switch (HP 2530-24G).

I would like to put every apartment on its own VLAN, not able to talk to any other VLAN.
Each apartment has its own consumer-grade router, over which I have no control.

Every apartment should have its own external IP address.

I would also like to apply traffic shaping to share the connection evenly.

How would you go about doing that with OPNsense and the VLAN-capable switch?

Should I use 1:1 NAT? But how do you do public IP address <-> VLAN?
Should the VLANs be all on OPNsense, all on the switch, or should it be a combination?

Thanks in advance!

You have to set virtual IPs (Interfaces -> Virtual IP) and then use a 1:1 NAT rule for each. I would assign a static IP for each apartment and simply 1:1 the assigned public IP to the local IP. Don't forget to add full allow rules in the WAN portion of the firewall.
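
The addressing plan behind the reply above, as an added example that is not part of the thread or of OPNsense: a Python script that checks the /27 is large enough for 23 apartments and lists, per apartment, the VLAN, the static inside address for the apartment's router, and the public address to enter as virtual IP and 1:1 NAT external address. The block `203.0.113.0/27`, the VLAN IDs starting at 101, the `10.23.0.0/16` inside pool, the /30 per VLAN, and the two reserved public addresses (ISP gateway, firewall WAN) are all assumptions.

```python
import ipaddress

def build_plan(public_block, apartments, first_vlan=101,
               inside_pool="10.23.0.0/16", reserved=2):
    """One row per apartment: VLAN, /30 transfer net, static router IP, public IP.

    Assumptions, not from the thread: the first `reserved` usable public
    addresses belong to the ISP gateway and the OPNsense WAN interface, and
    each VLAN is a /30 holding only the firewall and the apartment router.
    """
    block = ipaddress.ip_network(public_block)
    pool = ipaddress.ip_network(inside_pool)
    if block.overlaps(pool):
        raise ValueError("inside pool overlaps the public block")
    usable = list(block.hosts())[reserved:]
    if apartments > len(usable):
        raise ValueError(f"{block} has {len(usable)} free addresses, need {apartments}")
    # VLAN 1 is left alone because it is the switch's default VLAN.
    if first_vlan < 2 or first_vlan + apartments - 1 > 4094:
        raise ValueError("VLAN IDs must stay within 2-4094")
    transfer_nets = pool.subnets(new_prefix=30)
    plan = []
    for i in range(apartments):
        net = next(transfer_nets)
        fw_ip, router_ip = net.hosts()  # a /30 has exactly two host addresses
        plan.append({
            "apartment": i + 1,
            "vlan": first_vlan + i,
            "transfer_net": str(net),
            "firewall_ip": str(fw_ip),      # OPNsense VLAN interface
            "router_ip": str(router_ip),    # static WAN IP of the apartment router
            "public_ip": str(usable[i]),    # virtual IP / 1:1 NAT external address
        })
    return plan

def spare_public(public_block, apartments, reserved=2):
    """Public addresses left over after every apartment has one."""
    total = ipaddress.ip_network(public_block).num_addresses
    return total - 2 - reserved - apartments  # minus network and broadcast

if __name__ == "__main__":
    # 203.0.113.0/27 is a documentation range standing in for the ISP's /27.
    for row in build_plan("203.0.113.0/27", 23):
        print("apt {apartment:2d}  vlan {vlan}  {transfer_net:<15} "
              "router {router_ip:<12} <-> {public_ip}".format(**row))
    print("spare public addresses:", spare_public("203.0.113.0/27", 23))
```
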