I have recently decided to change ISP.  The old one provides a /32 for
WAN via PPPoE and a routed /29 block of 8 (6 usable) from which I put
the first one on an interface and the remaining 5 on systems so they get
an externally routable IP but with pfSense protection.  This is pretty
much how IPv4 was supposed to be before NAT was invented.

My new ISP only provides a /29 from which WAN always gets the first one
via PPPoE.

I put the second address from the /29 onto an interface and the
remaining four onto my externally facing systems.

I moved a web server over to the new scheme and it works fine,
internally, externally and over an IPsec VPN so it all looks good.

As far as I can tell, the only downside is I lose another address to act
as the gateway.

Can anyone spot any flaws with this method or is it a general practice?

Cheers
Jon

PS My real motivation for this is to avoid having to go back to split
horizon DNS again which would mean resurrecting BIND and a complicated
views setup - the horror!


Blueloop Ltd

Jon Gerdes | Senior Consultant

Blueloop House
Ilchester Road
Yeovil
Somerset BA21 3AA

Tel: 01460271055
Web: www.blueloop.net


