Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Assigning WAN IP to a LAN device (pfSense+PPPoE+VDSL)

Posted on 2014-10-19
4
Medium Priority
?
1,940 Views
Last Modified: 2014-10-23
My internet service provider uses VDSL, and they have given me a Kasda modem/router combo device which is fairly open and configurable. I currently have it configured to be in "bridge mode". My ISP gives me a block of 4x static IP addresses

My router is a pfSense virtual machine. It has a WAN interface which is configured for PPPoE. I also have Virtual IPs configured for the other static IP addresses I have been assigned.

I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to it's network interface, not a private IP address.

If I had a normal Internet connection I would have just connected the server directly to my WAN switch and statically configured the IP, and pfSense wouldn't have been involved at all. But the added complexity of the VDSL service and the need for PPPoE makes things complicated.

I can configure as many network interface cards and VLANs as needed on my pfSense VM or the public-facing server, and I have a layer-3 switch I can work with (Cisco SG300).

Any ideas?
0
Comment
Question by:Frosty555
4 Comments
 
LVL 15

Assisted Solution

by:Phonebuff
Phonebuff earned 1000 total points
ID: 40390858
In this day and age, unless you are building a honey pot the correct way to do this is with a NAT Map in your Firewall, pfSense or otherwise --


I'm looking to place one of my servers outside of the network, and assign it to one of my public IP addresses. I was looking into 1:1 NAT, but I don't think it's quite what I want. I want the server to actually have the public IP address assigned to it's network interface, not a private IP address.

=========================
0
 
LVL 12

Expert Comment

by:DarinTCH
ID: 40391291
if your looking for a 'dedicated' public connection and want that differen than your internal network
you could put the device in a DMX or separate zone
if your trying to use this device to bridge 2 networks any reason why you can't have multiple nics and assign different addresses to each NIC
then its pretty easy to play both sides but you still need to route the traffic

and for security purposes i would agree it is best to still NAT
0
 
LVL 17

Accepted Solution

by:
pergr earned 1000 total points
ID: 40391407
If you have PPPoE plus a block of 4 addresses (/30), then your ISP has a static route for the /30 with next-hop address being your PPPoE address.

You could, on your router/server/pppoe-client use an internal interface and assign the /30 on that interface. That would be, for example:

.0/30 network address
.1/30 router address
.2/30 next device address
.3/30 broadcast address

So, the next device could be your other server.

This means you can only address one additional device with the /30.

If you instead use destination-nat on the first router, then you can address 4 devices with the /30,
0
 
LVL 31

Author Closing Comment

by:Frosty555
ID: 40400002
Pergr, that makes things so much clearer, thank you.

I guess I'll be going with the 1:1 NAT!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question