Solved

Assigning WAN IP to a LAN device (pfSense+PPPoE+VDSL)

Posted on 2014-10-19
4
1,734 Views
Last Modified: 2014-10-23
My internet service provider uses VDSL, and they have given me a Kasda modem/router combo device which is fairly open and configurable. I currently have it configured to be in "bridge mode". My ISP gives me a block of 4x static IP addresses

My router is a pfSense virtual machine. It has a WAN interface which is configured for PPPoE. I also have Virtual IPs configured for the other static IP addresses I have been assigned.

I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to it's network interface, not a private IP address.

If I had a normal Internet connection I would have just connected the server directly to my WAN switch and statically configured the IP, and pfSense wouldn't have been involved at all. But the added complexity of the VDSL service and the need for PPPoE makes things complicated.

I can configure as many network interface cards and VLANs as needed on my pfSense VM or the public-facing server, and I have a layer-3 switch I can work with (Cisco SG300).

Any ideas?
0
Comment
Question by:Frosty555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 15

Assisted Solution

by:Phonebuff
Phonebuff earned 250 total points
ID: 40390858
In this day and age, unless you are building a honey pot the correct way to do this is with a NAT Map in your Firewall, pfSense or otherwise --


I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to it's network interface, not a private IP address.

=========================
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 40391291
if your looking for a 'dedicated' public connection and want that differen than your internal network
you could put the device in a DMX or separate zone
if your trying to use this device to bridge 2 networks any reason why you can't have multiple nics and assign different addresses to each NIC
then its pretty easy to play both sides but you still need to route the traffic

and for security purposes i would agree it is best to still NAT
0
 
LVL 17

Accepted Solution

by:
pergr earned 250 total points
ID: 40391407
If you have PPPoE plus a block of 4 addresses (/30), then your ISP has a static route for the /30 with next-hop address being your PPPoE address.

You could, on your router/server/pppoe-client use an internal interface and assign the /30 on that interface. That would be, for example:

.0/30 network address
.1/30 router address
.2/30 next device address
.3/30 broadcast address

So, the next device could be your other server.

This means you can only address one additional device with the /30.

If you instead use destination-nat on the first router, then you can address 4 devices with the /30,
0
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 40400002
Pergr, that makes things so much clearer, thank you.

I guess I'll be going with the 1:1 NAT!
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

626 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question