AT&T "business fiber" /240 block passthru to pfSense

I am trying to set up an AT&T Business Fiber service and /240 static IP block to a pfSense firewall. The ISP requires using their GW device (bgw300-505, like home users since it’s not enterprise fiber) and I want to set it up so it’s ‘dumb’ and let pfSense do as much as possible. I read conflicting reports of using IPPassthru vs Cascading Router options. Anyone set up something similar?

Why not just assign all the IPs to pfSense?

Hi Vince,

I have a BGW320-500 at one of my clients (I’m guessing the config is probably similar), and have the public IPs configured in the public subnet section, as seen in the picture. You would use the public IP settings assigned to you in the section - for DHCP start / end, I put in the usable range. I actually have cascading router and IP passthrough both disabled, and also have all firewall functions disabled. I tried messing with the other settings, but this was the only way that worked for me. I then have all of the public IPs assigned in pfSense. It’s been configured this way and working as expected for about 1 year now.

Hope this helps,

Thanks Frank, with your setup does the WAN IP on pfSense have one of the IPs from the block, or the IP that the BGW320 gets? Should I just write off that IP as unusable to pfSense?

@VinceO - correct. In my case, the pfSense’s WAN IP is the first IP of the DHCP block. I don’t use the IP the BGW gets - just write it off.

I have DHCP disabled (since I don’t intend to use the BGW320’s LAN) and the IP range fields are greyed out as well as the public/private radio button. Looks like I cannot enter the IP range in the DHCP block unless DHCP is enabled on the BGW320 LAN, is that right?

I believe so. I don’t “use” DHCP either except for this case. Like I said, I tried doing this with pass through and cascading router (because I didn’t love the way this sounded) but couldn’t get either of those ways to work. This was the only way that worked for me. The only thing plugged into the gateway is the pfSense, and it’s configured with a static IP - the rest of the public IPs are set up as virtual inside pfSense.

I don’t have anything else plugged into the AT&T gateway, but if I did, and it was set to DHCP, it would pull one of those private IPs defined on the gateway. Anything behind the pfSense firewall will use whatever DHCP service you have (in my case Windows Server DHCP). Sorry if I’m making it sound confusing but I spent about 2 days on this originally :)