> Wait, are you saying I could just pay Comcast for 14 addresses and
> create a routed subnet myself and not have them do it?
>
> Or could I just have them create for me a 2nd IP block of 1 IP, load
> that on the modem with my block of 5 and somehow create a routed
> subnet from the /31 to my /29 without them? so that pfSense is set up
> the correct way?
>
> Sorry for the confusion!
>
> -Jason

Actually, that's a very good point - in a broadband network, there is NO requirement whatsoever for the upstream link to be a /30, or even anything vaguely resembling a PtP link. As long as there's a route entered in their routing table pointing to you, there is no waste of IP addresses to accommodate your route. Your router could easily be one of 16k other devices in a subnet, it wouldn't matter.

ISPs generally allocate that /30 for manageability and security reasons, but most of those issues don't exist in an HFC network like Comcast's. More realistically, they probably still don't want to be bothered :-). One other poster reported success, however, in getting a routed setup from Comcast, so perhaps your quest isn't futile after all.

No, however, you can't quite do what you're talking about - at least not without proxy ARP or bridging, which brings you right back to the original set of suggestions. Comcast's router expects to be able to ARP for all the addresses they're assigning you, and if it can't, that address effectively becomes unreachable.

Proxy ARP is even more evil than setting up two firewalls, in most cases - it's nearly impossible to troubleshoot if anything goes wrong, and then you still have to do port forwarding or bridging behind that. (Any port forwarding, including pfSense's virtual IP, does something much like proxy ARP, but manageable.)

-Adam Thompson
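
The difference between the two setups discussed in the reply above, as an added example that is not part of the original email: a small model of the upstream router's forwarding decision, showing which address it has to resolve with ARP in the on-link case and in the routed case. All addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation ranges, not real ISP assignments).
# A route is (prefix, next_hop); next_hop None means "directly connected".
ON_LINK = [("203.0.113.0/29", None)]            # ISP treats the /29 as on-link
ROUTED = [("198.51.100.0/24", None),            # large shared access subnet
          ("203.0.113.0/29", "198.51.100.10")]  # /29 routed via firewall WAN

def lookup(routes, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in routes
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def arp_target(routes, dst):
    """Address the upstream router must ARP for to deliver a packet to dst."""
    hit = lookup(routes, dst)
    if hit is None:
        return None                      # no route: packet is dropped
    _, next_hop = hit
    # Connected prefix: ARP for the destination itself.
    # Routed prefix: ARP only for the next hop (the firewall's WAN address).
    return dst if next_hop is None else next_hop

def deliverable(routes, dst, arp_responders):
    """True if something on the upstream segment answers ARP for the target."""
    target = arp_target(routes, dst)
    return target is not None and target in arp_responders

if __name__ == "__main__":
    server = "203.0.113.2"               # host behind the firewall
    # On-link, firewall answers only for its own WAN address: unreachable.
    print(deliverable(ON_LINK, server, {"203.0.113.1"}))
    # On-link, firewall also answers for the server (proxy ARP / virtual IP).
    print(deliverable(ON_LINK, server, {"203.0.113.1", "203.0.113.2"}))
    # Routed: only the firewall's WAN address ever needs to answer ARP.
    print(deliverable(ROUTED, server, {"198.51.100.10"}))
```
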
