We have a fibre leased line with a /29 range for our pfSense WAN port: 61.179.145.40/29. So the WAN of our pfSense box is 61.179.145.42 with a gateway of 61.179.145.41.
Our ISP has also routed 61.179.144.128/25 with a next-hop of 61.179.145.42 (our pfSense box).
The LAN of our pfSense box is 10.0.0.1/19. From the LAN of our pfSense box we go to a managed EdgeSwitch which has 6x Ubiquiti Rockets attached. Each Rocket has an IP in the 10.0.0.0/19 range and the wireless clients (also Ubiquiti gear) get an IP of 10.0.0.0/19. We can then set 1:1 NATs to each of our clients' IP addresses.
For example, Client 1:
We set up a 1:1 NAT rule in pfSense to assign 61.179.144.160 to 10.0.0.16. When we go to whatismyip.com on 10.0.0.16, it works fine. However, I am not happy with this setup. I would rather directly assign a subnetted range of our routed range directly to the customer. So when the customer plugs in their equipment to our termination, they enter their external IP, subnet and gateway (an interface defined on an interface on pfSense, or even a router we supply them for them to connect to?).
We have managed this scenario by using VLANs in a cabled environment simply by disabling NAT on pfSense.
Hope this makes sense.