MonkWho / pfatt

Enable true bridge mode for AT&T U-Verse and pfSense (this is a fork of an original repository https://github.com/aus/pfatt. Since it is not available anymore, I'll do my best to maintain a copy for people that still need a bypass)

Setting up static IPs on pfsense #28

Closed MatthewGCampbell closed 3 years ago

MatthewGCampbell commented 3 years ago

I have a /29 block with AT&T and I'm trying to get it to pass the IPs through the NAT, but I'm unsure if this needs a 1:1 NAT or just a basic NAT rule to exclude the IPs from pfSense's NAT table. Anyone have a setup like this? Trying to get the static IPs to various physical interfaces and don't want to use VLANs.

MonkWho commented 3 years ago

Yet again we haven't seen anyone mention configs like this. Better place to check would probably be netgate forums or reddit.

owenthewizard commented 3 years ago

I have a /29 block working - here's my setup, with OPNSense 20.1.7 and commit 90f5abb:

  1. Setup OPNSense with pfatt as you usually would, including a DHCP public IP on the WAN interface. At this step you should have a "normal" setup, without your static IPs.
  2. Navigate to Interfaces -> [WAN] (replace with your WAN interface name). Scroll down to Alias IPv4 address, and enter the RG IP AT&T provided you. For me, this was one past my last usable static IP.
  3. Navigate to Firewall -> NAT -> One-to-One. Create a new One-to-One NAT rule, with the below values:
    - Interface: WAN
    - External Network: <your desired useable static IP>
    - Source (Single Host or Network): <IP of your LAN host or network that you want to use the static public IP> (Set the subnet mask accordingly - for a single device use /32)

MonkWho commented 3 years ago

Excellent write-up @owenthewizard. Thank you for contributing.

MatthewGCampbell commented 3 years ago

Very much appreciated for your help, owenthewizard


On Sep 17, 2020, at 2:18 AM, MonkWho notifications@github.com wrote:  Excellent write-up @owenthewizard. Thank you for contributing.


owenthewizard commented 3 years ago

I forgot to add my source, I struggled with this for a while before I found this: https://reddit.com/r/PFSENSE/comments/c08qyt/wan_static_ip_issues/er34dkb. Gracious hat tip to that lady/gentleman!

owenthewizard commented 3 years ago

I think adding this to the README could be useful - even though it's not directly related to the bypass. Thoughts?

MonkWho commented 3 years ago

This definitely looks like something that should be added to the readme. Unfortunately I don't have the time currently to write it up all nice and coherent. Could someone please write it up and create a pull request so I can just merge it?

MatthewGCampbell commented 3 years ago

I maybe could, I haven’t had time to play with it but this weekend I hope to get it working. Will ask for a pull request then.


AndrewReaganM commented 3 years ago

Here is at least a starting point. On my pfSense box I do not have a Source option on the new 1:1 rule page. Mine has Internal IP and Destination. I assume Internal IP is correct?

Static IP Setup

If you have a static IPv4 block with AT&T, you can use it with your pfatt configuration. Note that in order to use your IPv4 block, you must set up your connection as stated above first. The normal installation, including setting up DHCP to get a public IP on the WAN interface, should be completed before the steps below.

  1. Navigate to Interfaces > WAN and scroll down to Alias IPv4 address.
  2. Enter the RG IP address that AT&T provided to you. This is typically one past your last usable static IP.
  3. Navigate to Firewall > NAT > 1:1.
  4. Create a new 1:1 NAT rule with the following values.
    1. Interface: WAN
    2. External Network: your desired usable static IP
    3. Internal IP: (Single Host or Network) IP of the LAN host or network that you want to have the static IP.
    4. Set the subnet mask accordingly (single devices use /32)

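
A pre-flight check for the 1:1 NAT mappings described in owenthewizard's steps and in the README draft above, added here as an example and not part of pfatt or of either comment. It rejects a mapping whose external address is outside the static block, is the block's network or broadcast address, or is the RG address used as the WAN alias. The 203.0.113.8/29 block, RG address, LAN range and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation ranges), not from the thread.
BLOCK, RG, LAN = "203.0.113.8/29", "203.0.113.14", "192.168.1.0/24"
MAPPINGS = {                              # external static IP -> internal host/network
    "203.0.113.9": "192.168.1.10/32",     # valid
    "203.0.113.14": "192.168.1.11/32",    # collides with the RG / WAN alias
    "203.0.113.15": "192.168.1.12/32",    # broadcast address of the /29
    "203.0.113.10": "10.0.0.5/32",        # internal host is not on the LAN
    "198.51.100.1": "192.168.1.13/32",    # outside the static block
}

def usable_statics(block, rg_ip):
    """Host addresses of the block that remain once the RG address is excluded."""
    rg = ipaddress.ip_address(rg_ip)
    return [str(h) for h in ipaddress.ip_network(block).hosts() if h != rg]

def plan_one_to_one(block, rg_ip, mappings, lan):
    """Return (rules, errors) for the proposed 1:1 NAT mappings."""
    net, lan_net = ipaddress.ip_network(block), ipaddress.ip_network(lan)
    rg = ipaddress.ip_address(rg_ip)
    reserved = {net.network_address: "network address",
                net.broadcast_address: "broadcast address",
                rg: "RG address (WAN alias)"}
    rules, errors, seen = [], [], []
    if rg not in net:
        errors.append(f"RG {rg} is outside {net}")
    for ext_s, int_s in mappings.items():
        ext = ipaddress.ip_address(ext_s)
        internal = ipaddress.ip_network(int_s, strict=False)
        if ext not in net:
            errors.append(f"{ext} is not in {net}")
        elif ext in reserved:
            errors.append(f"{ext} is the {reserved[ext]}")
        elif not internal.subnet_of(lan_net):
            errors.append(f"{internal} is not inside LAN {lan_net}")
        elif any(internal.overlaps(prev) for prev in seen):
            errors.append(f"{internal} overlaps an earlier mapping")
        else:
            seen.append(internal)
            rules.append({"interface": "WAN", "external": str(ext),
                          "internal": str(internal)})
    return rules, errors

if __name__ == "__main__":
    print("usable:", usable_statics(BLOCK, RG))
    for group in plan_one_to_one(BLOCK, RG, MAPPINGS, LAN):
        print(*group, sep="\n")
```
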
MatthewGCampbell commented 3 years ago

If this helps anyone, this is what I'm trying to do, and here is my solution:

  1. Create a bridge including ix2 and ix3.
  2. Assign 34.33.48.21/29 to the new bridge interface. (At this point your devices connected to ix2 and ix3 are online.)
  3. Create a virtual interface on the bridge for 34.33.48.25.
  4. Create custom NAT rules to achieve the desired NAT for igb 1.

(These last two steps can be skipped if you're OK for the LAN devices to be NAT'd to 103.22.30.x)

MatthewGCampbell commented 3 years ago

I will try my best and add all of this to the README. Thanks, guys, for your help.