How to set up an IP pool?

Hello All!

I'd like to set up an IP pool using the scenario below.

Core IP on interface (Internet access):
ix0: W.X.Y.Z/32 (one external IP)

IPs pool (got from ISP):
lo1: A.B.C.D/24 (254 usable external IPs)

How can I route traffic to set available incoming and outgoing IPs from pool via core IP on interface ix0?
Is it correct to set this IP pool on a local interface and somehow route/NAT it?
Thank you for your help.
 
If you have only 1 interface ix0 then use inter-VLAN routing
Router
Vlan 100: W.X.Y.Z/32 --> ISP
Vlan 200: 10.0.0.1/8 --> LAN
Vlan 300: A.B.C.D/24 --> DMZ

If you have multiple NICs then use something like this:
Router
WAN: 1.1.1.2/32 --> ISP 1.1.1.1/32
LAN: 10.0.0.1/8 --> LAN Switch or VLAN --> pc1: 10.0.0.2/8 pc2: 10.0.0.3/8 ...
DMZ: 2.2.2.1/24 --> DMZ Switch or VLAN --> server1: 2.2.2.2/24 server2: 2.2.2.3/24 ....

Then for your LAN you can use one or more of the provided public IPs for NAT and the rest for your servers.
 
Thank you. You have to know, I'm not connected to any switch. Everything is on the server and is virtualized (bridges, OS etc.).

I was trying to add these IPs from the pool just to the ix0 interface. It's been added but I cannot go out from this IP.
I think it should be possible, so I've asked the ISP if they route my IPs correctly.
 
OK, the above configuration does not work.
I was talking to the ISP and they told me that I have set it beside the ix0 WAN interface.

Should I use VLAN? I want to avoid a very complex configuration.
As I remember, on Cisco routers the IP pool didn't have any VLAN, just an ip pool option or something like this.
 
Where do you want to use the public IPs that your ISP is providing? If you have only one NIC then you have to use VLANs so you can route them.

Can you draw your network topology?
 
I want to use these IPs as public. I want to make outgoing and incoming traffic.
Besides, I will NAT these IPs to virtual machines using PF.

The clue is to somehow route these IPs into the IP of the ix0 interface.
<-??->

INTERNET (ISP gateway) <-> core_public_IP (ix0) <-??-> pools IP (interface) <-> NAT_by_PF <-> virtual_machines
 
It's better to route the IPs instead of using full NAT.

ISP 1.1.1.1/32<->1.1.1.2/32 Router (ix0) <-> VLAN10 2.2.2.1/24<-> Virtual_machineA 2.2.2.2/24 Virtual_machineB 2.2.2.3/24 ... and so on.
 
It's something different from what I have got right now. I use bridges, taps for bhyve. It could change my topology a lot and I don't know if it works at the moment.
So, I'd like to keep everything as it is currently working and just somehow route these IPs to the world and vice versa.

Instead of VMs. You say I have to use a VLAN on ix0 and assign the network IP pool to that VLAN?
If I do it I have to NAT every IP from the network in PF.
 
I've added a VLAN and one IP from the pool.

ifconfig ix0.1 create vlan 1 vlandev ix0 A.B.C.D/24
ifconfig ix0.1 inet A.B.C.1 netmask 255.255.255.0 alias

But the traffic still isn't working. I wonder if something is wrong on the ISP side.
 
If you have a bridge between ix0 and tap0 then you can set your tap0 interface with the provided public IPs and use the rest for your virtual machines. There's no need for a VLAN.
 
I have to use private class IPs for taps.
Anyway, I was talking with the ISP hardly and they told me the IPs aren't working yet.

So, I have to wait for the ISP to configure everything on their side.
 
It's working. The ISP corrected the IP configuration on their side and I can just add every IP to the same interface as W.X.Y.Z/32.

Anyway, I have another issue.
It's working from my server to the world, but the world cannot receive ICMP from my server.
I see the traffic come in but my server does not reply.

1. PF is not blocking, all traffic is passing.
2. I have more than one external IP on different interfaces.

Example:
igb0: Q.R.S.T/32 set rtable 0
igb1: M.N.O.P/32 set rtable 1
ix0: W.X.Y.Z/32 set rtable 2

I can ping Q.R.S.T/32 from outside but not the rest of my external IPs from different interfaces.
I think traffic goes out from rtable 0.

/etc/rc.conf
Code:
gateway_enable="YES"

/etc/rc.local
Code:
setfib 0 route add default Q.R.S.1
setfib 1 route add default M.N.O.1
setfib 2 route add default W.X.Y.1

What is strange is that the setfib X netstat -rn command shows in every interface IPs from others....
 