How to configure Public IPs purchased from ISP?

Started by fakebizprez, July 29, 2024, 06:00:05 PM

I purchased a block of IP addresses from my ISP, and was given the following information from them.

What am I supposed to do with this "Static Gateway IP address," as it pertains to OPNsense?

Historically, I have 192.168.1.1 assigned to OPNsense, I would change the configuration in the DHCP service to make one of the local IPs static, and so on and so on; but having these static IPs assigned to me has me very, very confused.

Static Subnet Mask 255.255.255.248
Static Gateway IP = xx.xx.130.206
Static IP # 1 = xx.xx.130.201
Static IP # 2 = xx.xx.130.202
Static IP # 3 = xx.xx.130.203
Static IP # 4 = xx.xx.130.204
Static IP # 5 = xx.xx.130.205
Static Primary DNS = xx.xx.156.1
Static Secondary DNS = xx.xx.157.1



Anything pertaining to static IPs and best practices for configuring them is welcome!
Founder & President of linehaul.ai - a logistics and technology services provider.

I'm a bit worried you are in over your head before you'd even started. Why did you purchase them (are they for remote access needs, webserver hosting, a VPN, etc)?

Should be as simple as configuring their provided gateway address under System > Gateways > Configuration. Then assign one of your static IPs to an external-facing interface under Interfaces > <interface name>. Likely called WAN, or WAN1. I highly suggest configuring and testing a WAN2 interface if you have spare ports on your hardware, and set it up to request DHCP from your ISP. Just in case you bork the first attempt saving the new configuration for WAN1 with the static, you can just connect WAN2 and be back online to do more web searching for troubleshooting.

You are correct about being in over my head, but not for the reason you mentioned. I've had OPNsense running for a month before I bought static IPs.

I temporarily went back to my ATT BGW-320 because it wreaks havoc on the network when you try to keep it in passthrough mode (it doesn't have true bridge mode), and I've been impatient to procure the gear to bypass/masquerade this ATT Gateway and go straight to the OPNsense firewall directly from the wall.

Based on your comment, I imagine it's much easier to manage this block of IPs vs. on the ATT gateway which gives almost no control, and has no problem assigning a static IP to my washer/dryer with little means to change the assignment without turning the device off. It's a nightmare.

The drivers for this Intel X710 dual SFP should be installed any minute on a PowerEdge R710 and hopefully this problem will have resolved itself.
Founder & President of linehaul.ai - a logistics and technology services provider.

You bought them from your ISP? Simple enough. Assign one of them statically to your WAN interface with the proper netmask/length and the gateway they gave you.

E.g. xx.xx.130.201/29

If that works, please report back. If it doesn't, you need to contact your ISP support - and then possibly come back with whatever they told you you were supposed to do instead of static configuration.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Thank you, Patrick.

As soon as I get this PowerEdge R730 running OPNsense (https://forum.opnsense.org/index.php?topic=41963.0), I will do just that and report back.

Appreciate the input.
Founder & President of linehaul.ai - a logistics and technology services provider.

Quote from: Patrick M. Hausen on August 02, 2024, 07:38:39 AM
Assign one of them statically to your WAN interface with the proper netmask/length and the gateway they gave you.

E.g. xx.xx.130.201/29

Patrick,

Since my Static Gateway IP = xx.xx.130.206, and OPNsense will be my DHCP server, shouldn't I assign this static IP address to OPNsense's WAN interface instead of one of the five usable IPs?

The more I think about it, a lot of the confusion is about what to do with the Static IP Gateway. The DNS servers, I can pretty much ignore if I'm using Cloudflare DNS, right?
Founder & President of linehaul.ai - a logistics and technology services provider.

August 04, 2024, 10:07:57 PM #6 Last Edit: August 05, 2024, 06:27:28 AM by Patrick M. Hausen
In typical scenarios the static IP addresses all go on your WAN interface and the gateway you were told is the ISP's router on WAN. You will need to set up port forwarding or reverse proxying to all internal (or DMZ) servers you want to be publicly reachable. So start with one of the addresses, the proper netmask, and the gateway as I wrote and when that works for Internet connectivity you can add the remaining 4 addresses as aliases.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
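
A sanity check for the handoff sheet discussed in this thread, as an added example that is not part of any post: it converts the dotted netmask to a prefix length, confirms the gateway and every static address sit in the same subnet, and flags the ISP gateway address if it is listed for assignment to WAN. The 203.0.113.x addresses are constructed documentation-range stand-ins for the redacted xx.xx.130.x block, and `check_handoff` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample mirroring the sheet in the first post (mask .248, gateway .206).
SAMPLE_MASK = "255.255.255.248"
SAMPLE_GATEWAY = "203.0.113.206"
SAMPLE_STATICS = [f"203.0.113.{n}" for n in range(201, 206)]


def check_handoff(mask, gateway, statics):
    """Validate an ISP static-IP handoff sheet and derive a WAN addressing plan."""
    gw = ipaddress.ip_address(gateway)
    # strict=False lets us derive the network from a host address plus netmask.
    net = ipaddress.ip_network(f"{gateway}/{mask}", strict=False)
    usable = set(net.hosts())  # excludes the network and broadcast addresses
    problems, addrs = [], []
    if gw not in usable:
        problems.append(f"gateway {gw} is not a usable host in {net}")
    for s in statics:
        ip = ipaddress.ip_address(s)
        if ip not in usable:
            problems.append(f"{ip} is outside the usable range of {net}")
        elif ip == gw:
            # The gateway belongs to the ISP's router, not to the firewall.
            problems.append(f"{ip} is the ISP gateway; do not assign it to WAN")
        else:
            addrs.append(ip)
    addrs.sort()
    return {
        "network": str(net),
        "wan_primary": f"{addrs[0]}/{net.prefixlen}" if addrs else None,
        "wan_aliases": [str(a) for a in addrs[1:]],
        "gateway": str(gw),
        "unassigned": [str(h) for h in sorted(usable - set(addrs) - {gw})],
        "problems": problems,
    }


if __name__ == "__main__":
    plan = check_handoff(SAMPLE_MASK, SAMPLE_GATEWAY, SAMPLE_STATICS)
    for key, value in plan.items():
        print(f"{key:12} {value}")
```
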

Thank you. The plan is to keep things as simple as possible, by forwarding the least amount of ports possible, and utilize Tunnels/Mesh Network in conjunction with a Reverse Proxy.

All of this would be installed locally on OPNsense.
Founder & President of linehaul.ai - a logistics and technology services provider.