R-Type
Oct 10, 2005

by FactsAreUseless
(Note: IPs referenced below are not mine and only for example purposes)

So I moved my home office and lab to a new location. Previous ISP setup was Comcast Business cable, 5 bridged static IPs, pfSense. Due to some special requirements I do some NAT forwarding. So the configuration was a pretty simple WAN port/LAN port, single IP overload, 4 Virtual IPs configured, NAT translations in and outbound. Single subnet on the LAN side. That setup worked perfectly fine.

New ISP is Ethernet over fiber with just a media converter. Now this ISP is a CO-OP, and they practically have to outsource any technical help beyond normal help desk situations. Like before, pfSense, WAN, LAN on a single subnet, 3 static IPs from the ISP. Except this ISP does PPPoE, which auto-assigns a 198.68.100.193/32 address. Their explanation regarding the configuration:
You connect to our network via PPPoE and only get assigned a single (/32) IP Address to whatever device performs your PPPoE authentication, we have to create static routes in our PPPoE router to point any traffic destined for your other two Static IPs (198.68.100.194 & 195) to your PPPoE Assigned IP (198.68.100.193).
On your two devices that are being assigned the 198.68.100.194 & 195 IPs, you will use a Gateway of 198.68.100.193 with a 255.255.255.248 mask.
So any outbound traffic from either of those devices will be sent to 198.68.100.193 and then your router should know what to do with the traffic. If it is traffic to the Internet, it should be pointed out your PPPoE interface and when it reaches our head-end PPPoE router, it knows to send that traffic out to the Internet. The return traffic (from the Internet) will see the traffic is destined for 198.68.100.194 or 195 and our PPPoE router knows (from the static routes set within) to route that traffic back to your PPPoE device.

Static Routes in our PPPoE head-end router:
ip route 198.68.100.194 255.255.255.255 198.68.100.193
ip route 198.68.100.195 255.255.255.255 198.68.100.193

Hopefully, this helps you understand how we have this configured on our end so that you can configure this properly on your end.


Unfortunately, I think they don't grok my configuration as I explained it to them. For one, 198.68.100.193/32 seems to cause range overlap issues for static routes, and I don't have a monolithic device (as they assume) in a DMZ that is as simple as assigning a gateway and IP. Admittedly running a company has taken its toll on some of my networking skills, and I've never been much of a network guy to begin with.
In pfSense I've set up these IPs as virtual IPs and that hasn't worked. Trying to define .194 and .195 as /29 just doesn't route in from the outside. I've also tried to configure this into a Sophos UTM and a SonicWall I had lying around. The .193 address works fine, NAT overload and NAT port forwarding and translation is perfect for that PPPoE assigned IP. There's gotta be something I'm missing about how this is configured. I prefer to keep pfSense as a firewall, if it's still workable for a solution, otherwise Sophos is fine. As always, any help or insight is appreciated.

R-Type fucked around with this message at 22:33 on Sep 19, 2018
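
The forwarding path in the ISP's explanation can be modelled with a longest-prefix-match lookup. This is an added example, not part of the thread and not anyone's actual configuration: the head-end routes are the two quoted above, while the default routes, the labels `pppoe-session`, `internet`, `local`, `inside-if` and `pppoe0`, and the customer-side table (the ISP's suggested /29 next to the PPPoE /32) are assumptions. It shows how .194 and .195 reach the PPPoE device by routing alone, and where the /32 and /29 overlap on the customer router.

```python
import ipaddress as ipa

# Head-end table: the two static routes quoted by the ISP, plus an assumed
# host route for the PPPoE session and an assumed default route.
HEADEND = [
    ("198.68.100.193/32", "pppoe-session"),
    ("198.68.100.194/32", "198.68.100.193"),
    ("198.68.100.195/32", "198.68.100.193"),
    ("0.0.0.0/0", "internet"),
]

# Customer router as the ISP's layout implies (assumed): .193/32 from PPPoE,
# the 255.255.255.248 (/29) network on an inside interface, default via PPPoE.
CUSTOMER = [
    ("198.68.100.193/32", "local"),
    ("198.68.100.192/29", "inside-if"),
    ("0.0.0.0/0", "pppoe0"),
]

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop) for dst."""
    addr = ipa.ip_address(dst)
    hits = [(ipa.ip_network(p), nh) for p, nh in table if addr in ipa.ip_network(p)]
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), nh

def resolve(table, dst, limit=4):
    """Follow recursive next hops until one is an interface label, not an IP."""
    path = []
    for _ in range(limit):
        prefix, nh = lookup(table, dst)
        path.append((prefix, nh))
        try:
            ipa.ip_address(nh)
        except ValueError:
            return path
        dst = nh
    raise RuntimeError("next-hop loop")

def overlaps(table):
    """(covering, covered) prefix pairs in one table, default route excluded."""
    nets = [ipa.ip_network(p) for p, _ in table if p != "0.0.0.0/0"]
    return [(str(a), str(b)) for a in nets for b in nets
            if a.prefixlen < b.prefixlen and b.subnet_of(a)]

if __name__ == "__main__":
    for dst in ("198.68.100.194", "198.68.100.195", "192.0.2.10"):  # last one is a constructed test address
        print(dst, "head-end:", resolve(HEADEND, dst), "customer:", lookup(CUSTOMER, dst))
    print("overlap on customer router:", overlaps(CUSTOMER))
```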


R-Type
Oct 10, 2005

by FactsAreUseless
I've solved this issue, and will not publish how I did it. LOL.
