[pfSense Support] WAN configuration without router

Tue, 03 Feb 2009 21:55:46 -0800 

I'm helping a buddy get his pfSense (v1.2) setup with a new higher
capacity connection and keep his old connection as a dual-WAN.  He got
some IP assignments from his ISP, the gist of which is:
 
     WAN Block: x.x.x.132/30
     WAN Subnet Mask: 255.255.255.252
     Network Side: x.x.x.133
     Customer Side: x.x.x.134
     Customer LAN block: y.y.y.0/27
     Customer Gateway: y.y.y.1
     Usable Range: y.y.y.2 - y.y.y.30
     Customer Subnet Mask: 255.255.255.224

My friend's sales rep offered to lease him a layer 3 router for several
hundred a month, which he declined, figuring pfSense would do the trick.
I haven't been to the office where the equipment is installed (been
doing this remotely from a different city), but apparently the ISP
installed a switch for the x.x.x.132/30 network.  Their piece assumes
x.x.x.133 and passes all y.y.y.y to us at x.x.x.134.  Seems easy to
setup in pfSense with virtual IPs...until I started to play with it.
Main problem is that their WAN doesn't specify a gateway, so this is one
level higher than my normal cable/DSL bridged setups.  Consequently, I'm
not sure what to plug where.
 
(1)  I tried setting pfSense WAN IP to x.x.x.134 & gateway x.x.x.133. At
the very least I thought that should allow my pfSense box to ping
x.x.x.133 (pingable from outside) on the WAN interface.  No luck.  And
can't connect to pfSense x.x.x.134 from outside despite proper
nat/rules.  And even if I could, where does the customer gateway come
into play?  Can I ignore it, since all I want is for pfSense to forward
all y.y.y.y to x.x.x.133?  Or do I need to setup a virtual PARP for it?
And then what?  Somehow funnel the other y.y.y.y virtual PARPs through
it?
 
(2)  I tried setting pfSense WAN to Customer LAN y.y.y.2 & gateway
y.y.y.1 and PARP for x.x.x.134.  This seems "most" correct.  However, no
pingable gateway from outside, which I assume is because with no router
there's no gateway.  So somehow I need to convince pfSense that it's the
y.y.y.1 gateway and to forward everything for y.y.y.y to x.x.x.134, but
how?  Static route?  Also, like above, can't connect to pfSense from
outside.
 
Any advice?
 
--Bennett

Reply via email to