Solved

Assigning WAN IP to a LAN device (pfSense+PPPoE+VDSL)

Posted on 2014-10-19
Last Modified: 2014-10-23
My internet service provider uses VDSL, and they have given me a Kasda modem/router combo device which is fairly open and configurable. I currently have it configured to be in "bridge mode". My ISP gives me a block of 4x static IP addresses.

My router is a pfSense virtual machine. It has a WAN interface which is configured for PPPoE. I also have Virtual IPs configured for the other static IP addresses I have been assigned.

I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to its network interface, not a private IP address.

If I had a normal Internet connection I would have just connected the server directly to my WAN switch and statically configured the IP, and pfSense wouldn't have been involved at all. But the added complexity of the VDSL service and the need for PPPoE makes things complicated.

I can configure as many network interface cards and VLANs as needed on my pfSense VM or the public-facing server, and I have a layer-3 switch I can work with (Cisco SG300).

Any ideas?
Question by:Frosty555
4 Comments
 
LVL 15

Assisted Solution

by:Phonebuff
Phonebuff earned 250 total points
ID: 40390858
In this day and age, unless you are building a honey pot the correct way to do this is with a NAT Map in your Firewall, pfSense or otherwise --


I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to its network interface, not a private IP address.

=========================
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 40391291
If you're looking for a 'dedicated' public connection and want that different than your internal network,
you could put the device in a DMZ or separate zone.
If you're trying to use this device to bridge 2 networks, any reason why you can't have multiple NICs and assign different addresses to each NIC?
Then it's pretty easy to play both sides, but you still need to route the traffic.

And for security purposes I would agree it is best to still NAT.
0
 
LVL 17

Accepted Solution

by:pergr
pergr earned 250 total points
ID: 40391407
If you have PPPoE plus a block of 4 addresses (/30), then your ISP has a static route for the /30 with next-hop address being your PPPoE address.

You could, on your router/server/pppoe-client use an internal interface and assign the /30 on that interface. That would be, for example:

.0/30 network address
.1/30 router address
.2/30 next device address
.3/30 broadcast address

So, the next device could be your other server.

This means you can only address one additional device with the /30.

If you instead use destination-nat on the first router, then you can address 4 devices with the /30.
0
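The trade-off in the accepted answer, worked through as an added example (not part of the original thread): the same block laid out as a routed subnet on an internal interface versus as a 1:1 NAT map, generalised to any block size. The block 203.0.113.0/30, the 192.168.10.x hosts and the function names are constructed placeholders, not values from the question.

```python
import ipaddress


def routed_plan(block):
    """Option 1: put the block on an internal router interface (routed subnet)."""
    # strict=True rejects a block that is not aligned on its prefix boundary.
    net = ipaddress.ip_network(block, strict=True)
    if net.prefixlen > 30:
        raise ValueError(f"{net} cannot hold a router address plus a device")
    hosts = list(net.hosts())  # excludes network and broadcast addresses
    return {
        "network": str(net.network_address),
        "router": str(hosts[0]),                 # gateway for the public-facing devices
        "devices": [str(h) for h in hosts[1:]],  # what is left for servers
        "broadcast": str(net.broadcast_address),
    }


def nat_plan(block, private_hosts):
    """Option 2: keep every public address on the router and map it 1:1 inward."""
    net = ipaddress.ip_network(block, strict=True)
    publics = [str(a) for a in net]  # all addresses, including first and last
    if len(private_hosts) > len(publics):
        raise ValueError("more devices than public addresses in the block")
    for host in private_hosts:
        if not ipaddress.ip_address(host).is_private:
            raise ValueError(f"{host} is not a private address")
    return dict(zip(publics, private_hosts))


if __name__ == "__main__":
    block = "203.0.113.0/30"  # constructed documentation range
    lan = ["192.168.10.10", "192.168.10.11", "192.168.10.12", "192.168.10.13"]

    routed = routed_plan(block)
    print("Routed subnet:", routed)
    print("  devices with a real public IP:", len(routed["devices"]))

    mapping = nat_plan(block, lan)
    print("1:1 NAT map:")
    for public, private in mapping.items():
        print(f"  {public} -> {private}")
    print("  devices reachable on a public IP:", len(mapping))
```
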
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 40400002
Pergr, that makes things so much clearer, thank you.

I guess I'll be going with the 1:1 NAT!
0
