Solved

Assigning WAN IP to a LAN device (pfSense+PPPoE+VDSL)

Posted on 2014-10-19
4
1,594 Views
Last Modified: 2014-10-23
My internet service provider uses VDSL, and they have given me a Kasda modem/router combo device which is fairly open and configurable. I currently have it configured to be in "bridge mode". My ISP gives me a block of 4x static IP addresses

My router is a pfSense virtual machine. It has a WAN interface which is configured for PPPoE. I also have Virtual IPs configured for the other static IP addresses I have been assigned.

I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to it's network interface, not a private IP address.

If I had a normal Internet connection I would have just connected the server directly to my WAN switch and statically configured the IP, and pfSense wouldn't have been involved at all. But the added complexity of the VDSL service and the need for PPPoE makes things complicated.

I can configure as many network interface cards and VLANs as needed on my pfSense VM or the public-facing server, and I have a layer-3 switch I can work with (Cisco SG300).

Any ideas?
0
Comment
Question by:Frosty555
4 Comments
 
LVL 15

Assisted Solution

by:Phonebuff
Phonebuff earned 250 total points
ID: 40390858
In this day and age, unless you are building a honey pot the correct way to do this is with a NAT Map in your Firewall, pfSense or otherwise --


I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to it's network interface, not a private IP address.

=========================
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 40391291
if your looking for a 'dedicated' public connection and want that differen than your internal network
you could put the device in a DMX or separate zone
if your trying to use this device to bridge 2 networks any reason why you can't have multiple nics and assign different addresses to each NIC
then its pretty easy to play both sides but you still need to route the traffic

and for security purposes i would agree it is best to still NAT
0
 
LVL 17

Accepted Solution

by:
pergr earned 250 total points
ID: 40391407
If you have PPPoE plus a block of 4 addresses (/30), then your ISP has a static route for the /30 with next-hop address being your PPPoE address.

You could, on your router/server/pppoe-client use an internal interface and assign the /30 on that interface. That would be, for example:

.0/30 network address
.1/30 router address
.2/30 next device address
.3/30 broadcast address

So, the next device could be your other server.

This means you can only address one additional device with the /30.

If you instead use destination-nat on the first router, then you can address 4 devices with the /30,
0
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 40400002
Pergr, that makes things so much clearer, thank you.

I guess I'll be going with the 1:1 NAT!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FTP Transfer Speeds ... 6 70
cannot view videos at msnbc 12 65
Applying Computer Settings 12 76
Changing the default VLAN on a Cisco switch? 9 60
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question