Solved

Assigning WAN IP to a LAN device (pfSense+PPPoE+VDSL)

Posted on 2014-10-19
Last Modified: 2014-10-23
My internet service provider uses VDSL, and they have given me a Kasda modem/router combo device which is fairly open and configurable. I currently have it configured to be in "bridge mode". My ISP gives me a block of 4x static IP addresses.

My router is a pfSense virtual machine. It has a WAN interface which is configured for PPPoE. I also have Virtual IPs configured for the other static IP addresses I have been assigned.

I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to its network interface, not a private IP address.

If I had a normal Internet connection I would have just connected the server directly to my WAN switch and statically configured the IP, and pfSense wouldn't have been involved at all. But the added complexity of the VDSL service and the need for PPPoE makes things complicated.

I can configure as many network interface cards and VLANs as needed on my pfSense VM or the public-facing server, and I have a layer-3 switch I can work with (Cisco SG300).

Any ideas?
Question by:Frosty555
4 Comments
 
LVL 15

Assisted Solution

by:Phonebuff
Phonebuff earned 250 total points
ID: 40390858
In this day and age, unless you are building a honey pot, the correct way to do this is with a NAT Map in your Firewall, pfSense or otherwise --


I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to its network interface, not a private IP address.

=========================
 
LVL 12

Expert Comment

by:DarinTCH
ID: 40391291
if you're looking for a 'dedicated' public connection and want that different than your internal network
you could put the device in a DMZ or separate zone
if you're trying to use this device to bridge 2 networks any reason why you can't have multiple NICs and assign different addresses to each NIC
then it's pretty easy to play both sides but you still need to route the traffic

and for security purposes I would agree it is best to still NAT
 
LVL 17

Accepted Solution

by:pergr
pergr earned 250 total points
ID: 40391407
If you have PPPoE plus a block of 4 addresses (/30), then your ISP has a static route for the /30 with next-hop address being your PPPoE address.

You could, on your router/server/pppoe-client use an internal interface and assign the /30 on that interface. That would be, for example:

.0/30 network address
.1/30 router address
.2/30 next device address
.3/30 broadcast address

So, the next device could be your other server.

This means you can only address one additional device with the /30.

If you instead use destination-nat on the first router, then you can address 4 devices with the /30.
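
The address arithmetic behind the answer above, as an added example that is not part of the original post. It goes beyond the /30 case by accepting any IPv4 block of /30 or larger; the block 203.0.113.8/30 and the 10.0.50.x private addresses are constructed placeholders, and routed_plan and nat_plan are hypothetical helper names.

```python
import ipaddress


def routed_plan(block):
    """Block assigned to an internal interface behind the PPPoE router.

    The network and broadcast addresses are unusable, the router takes the
    first host address, and only the remaining host addresses go to devices.
    """
    net = ipaddress.IPv4Network(block)
    if net.prefixlen > 30:
        raise ValueError("a routed segment needs at least a /30")
    hosts = list(net.hosts())
    return {
        "network": net.network_address,
        "router": hosts[0],
        "devices": hosts[1:],
        "broadcast": net.broadcast_address,
    }


def nat_plan(block, private_hosts):
    """Block kept on the router as virtual IPs and mapped 1:1 to private hosts.

    No segment is built from the block, so every address in it, including the
    first and last, can front a server that stays behind the firewall.
    """
    net = ipaddress.IPv4Network(block)
    publics = list(net)  # all addresses, not only net.hosts()
    if len(private_hosts) > len(publics):
        raise ValueError("more servers than public addresses")
    return {pub: ipaddress.IPv4Address(priv)
            for pub, priv in zip(publics, private_hosts)}


if __name__ == "__main__":
    BLOCK = "203.0.113.8/30"  # constructed sample block (documentation range)
    SERVERS = ["10.0.50.10", "10.0.50.11", "10.0.50.12", "10.0.50.13"]  # constructed

    routed = routed_plan(BLOCK)
    print("Routed /30 on an internal interface:")
    for role in ("network", "router", "broadcast"):
        print(f"  {role:<9} {routed[role]}")
    print(f"  devices   {[str(a) for a in routed['devices']]}")

    print("1:1 NAT with the block as virtual IPs:")
    for pub, priv in nat_plan(BLOCK, SERVERS).items():
        print(f"  {pub} <-> {priv}")
```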
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 40400002
Pergr, that makes things so much clearer, thank you.

I guess I'll be going with the 1:1 NAT!