Setting up a new leased connection - New to networking!

Started by zainsyed, August 20, 2024, 07:42:39 PM

Hey guys,
First off, I'm sorry if this question has been answered already. But I couldn't find how to set something up like this.

These are the details that the ISP has provided me.

WAN IP x.x.x.x/30
WAN Gateway x.x.x.x
Subnet Mask 255.255.255.252

LAN IP x.x.x.x/29
LAN Gateway x.x.x.x
Subnet Mask 255.255.255.248

Usable IPs (LAN) 5 in number
Primary DNS y.y.y.y
Secondary DNS z.z.z.z

This totally threw me off and I couldn't understand what LAN usable IPs are in the first place.
I searched a bit and found out that if I put the WAN details on Opnsense, then the LAN IPs I can assign are only 5.

The ISP has a modem and I've connected the opnsense on 1 port.

I want to configure opnsense such that it has its own LAN network (onto which I can connect as many clients as I'd like, obviously within the subnet I configure) utilizing one or more of the LAN IPs.

How can this be done?

You can probably just ignore the /29 subnet that they've assigned you for "LAN", and use your own RFC1918 subnet (192.168.1.0/24 or whatever you like), and have OPNsense do NAT (which it does by default anyway).

If you want to use the routable public IPs on an internal interface, disable NAT for it on WAN (hybrid outbound NAT, on WAN do not NAT source x.x.x.x/29, destination/protocol - any). If you want something else, perhaps clarify what you want.

If you want to waste the /29, see above post.

Alright.
I understand both the points.

@dseven. That is how I had configured it. Ignoring the /29 subnet. But now I realize that I need the routable public IPs to let some servers have a public IP of their own.

@doktornotor.
I have attached an image of the network that I plan to have eventually.
FYI: I need the nethserver right now as it has old insecure VPN encryption algorithms and the clients/partners aren't budging on setting up a new VPN.

To keep it short. I need to give some servers the public IPs that the new ISP has provided. I will look into disabling NAT for those specific IPs (and how that's done, if I don't get it I might reach out again).

For now, I have 2 subnets (192.168.0.0/24 and 192.168.1.0/24) running on the Nethserver. One for DHCP and direct connections and the other via openvpn resp.

I plan to put another subnet 192.168.2.0/24 on OpnSense LAN interface for clients which will go through the new ISP.
This is where I'm confused. How do I achieve both of my requirements? I'm confused in regard to the LAN configuration particularly!

On a side note, I'm unable to access the opnsense portal from the OpenVPN subnet (As of now I assigned 192.168.0.40/24 as the LAN IP to be able to access from the existing private network). I'm able to access the portal from within the office network of 192.168.0.0/24 subnet but not via VPN from the 192.168.1.0/24.
I know this is a separate discussion but if you're ok to answer it here I won't be creating a thread for this separately.

In that case, you probably want to create an additional LAN, probably a VLAN, using the /29 subnet, and make that not NAT'ed outbound. You'll need managed switches if you go with VLANs.
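
The layout the replies converge on (a routed /29 on its own interface with a "do not NAT" rule, plus a NAT'ed private LAN), modelled as an added example that is not part of the original thread. All addresses are constructed from documentation ranges because the thread masks the real ones, and it assumes the ISP's "LAN Gateway" is the address OPNsense holds on the /29 interface.

```python
import ipaddress

# Constructed sample values (documentation ranges); the thread's real
# addresses are masked as x.x.x.x.
WAN_IF = ipaddress.ip_interface("198.51.100.2/30")    # OPNsense WAN address
ROUTED = ipaddress.ip_network("203.0.113.8/29")       # ISP "LAN" block
ROUTED_GW = ipaddress.ip_address("203.0.113.9")       # assumed: OPNsense on the /29 VLAN
PRIVATE_LAN = ipaddress.ip_network("192.168.2.0/24")  # NAT'ed client LAN


def usable_hosts(net, gateway):
    """Host addresses left for servers once the gateway takes one."""
    if gateway not in net:
        raise ValueError(f"{gateway} is not inside {net}")
    return [h for h in net.hosts() if h != gateway]


# Ordered outbound rules on WAN, first match wins. This mirrors the hybrid
# mode described in the thread: a manual "do not NAT" rule for the /29,
# then translation of the private LAN to the WAN address.
OUTBOUND_RULES = [
    {"source": ROUTED, "nat": False},
    {"source": PRIVATE_LAN, "nat": True},
]


def source_on_wire(src):
    """Return the source address the ISP sees for a packet from src."""
    src = ipaddress.ip_address(src)
    for rule in OUTBOUND_RULES:
        if src in rule["source"]:
            return WAN_IF.ip if rule["nat"] else src
    raise LookupError(f"no outbound rule covers {src}")


def exposed_hosts():
    """Servers that keep their public address on the wire. Access to them
    is governed by firewall rules alone, not by port forwards."""
    return [h for h in usable_hosts(ROUTED, ROUTED_GW)
            if source_on_wire(h) == h]


if __name__ == "__main__":
    print("WAN /30 hosts:", [str(h) for h in WAN_IF.network.hosts()])
    print("server addresses:", [str(h) for h in exposed_hosts()])
    print("192.168.2.50 leaves as", source_on_wire("192.168.2.50"))
```

The five addresses returned by `exposed_hosts()` correspond to the "Usable IPs (LAN) 5 in number" line in the ISP's details: a /29 has six host addresses and the gateway takes one.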