On 12/6/14 11:06 pm, Jon Gerdes wrote:
> As far as I can tell, the only downside is I lose another address to act
> as the gateway.
> Can anyone spot any flaws with this method or is it a general practice?

Certainly assigning the first IP in a /29 to the PPPoE client is fairly standard practice in the UK (which I see you are). My $dayjob is an ISP and assigning the first IP to the PPPo{A|E} client is our normal config for anything from a /30 down to a /27.

> I put the second address from the /29 onto an interface and the
> remaining four onto my externally facing systems.

I believe (though haven't tried it in anger with the post-2.0 pfSense versions - I recall doing it years ago with a 1.2.x version) you can use an OPT interface for your WAN (instead of the default WAN interface), then bridge LAN and OPT1, thus only 'losing' one of your IPs to the firewall rather than two.

> PS My real motivation for this is to avoid having to go back to split
> horizon DNS again which would mean resurrecting BIND and a complicated
> views setup - the horror!

As an aside, the inbuilt DNS forwarder works quite well for this scenario - leave your BIND configuration pointing to the public IPs, but use pfSense's dnsmasq to 'override' those lookups from the local network, replacing with their RFC1918 IPs as required.

(it's nice to be able to use a true /29 range if you can, but with RIPE IPv4 allocations as tight as they are these days, hang onto yours for dear life :-) )

Kind regards,

Chris
--
This email is made from 100% recycled electrons
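
Added example, not part of the original message: a sketch of the address plan and the forwarder overrides discussed above, which splits the routed block the way the thread describes and emits dnsmasq `host-record` lines so internal clients resolve public names to RFC1918 addresses. The 203.0.113.8/29 block, the host names and the internal addresses are constructed sample values.

```python
import ipaddress

# RFC1918 is checked explicitly: ipaddress.is_private is also True for
# documentation and other special-purpose ranges, which is too broad here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def plan_block(cidr, bridged=False):
    """First usable address goes to the PPPoE client, the second to the
    firewall interface (skipped when LAN and OPT are bridged), the rest
    to the externally facing systems."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    if len(hosts) < 2:
        raise ValueError(f"{cidr} is too small to split")
    plan = {"pppoe_client": hosts[0]}
    if bridged:
        plan["servers"] = hosts[1:]
    else:
        plan["firewall"] = hosts[1]
        plan["servers"] = hosts[2:]
    return plan

def overrides(cidr, mapping, bridged=False):
    """mapping: name -> (public_ip, internal_ip). Returns dnsmasq
    host-record lines, rejecting entries that would mask a mistake."""
    servers = set(plan_block(cidr, bridged)["servers"])
    lines = []
    for name, (public, internal) in sorted(mapping.items()):
        pub = ipaddress.ip_address(public)
        priv = ipaddress.ip_address(internal)
        if pub not in servers:
            raise ValueError(f"{name}: {pub} is not a server address in {cidr}")
        if not any(priv in net for net in RFC1918):
            raise ValueError(f"{name}: {priv} is not an RFC1918 address")
        lines.append(f"host-record={name},{priv}")
    return lines

# Constructed sample data (documentation range and example.com names).
SAMPLE = {
    "www.example.com": ("203.0.113.11", "192.168.10.11"),
    "mail.example.com": ("203.0.113.12", "192.168.10.12"),
}

if __name__ == "__main__":
    print(plan_block("203.0.113.8/29"))
    print("\n".join(overrides("203.0.113.8/29", SAMPLE)))
```

On pfSense the same name-to-address pairs are entered as host overrides in the DNS forwarder rather than written to a dnsmasq file by hand.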