Hello,
We have an AT&T ADI and were given a /30. Cool, we used that for our pfSense.
We were also given a /26 to route. Well, we only need a few IPs. Wanted to know if it is possible to convert a /26 into multiple /29 blocks on pfSense. Yes, I know I can’t use all the IPs in that instance. That is fine. Just looking to see if it is possible since I can’t ask AT&T for multiple /29 blocks on the same circuit.
Why is the requirement to break up the /26? What are you looking to gain by splitting them up?
Possibly to subdivide it, if I wanted to slice out some of the internet for a few customers to colocate some servers or virtual machines.
AT&T will send all traffic for all those IPs to you, thinking it's a /26, regardless of how you use them on the “LAN” side of your router. If you create multiple interfaces/VLANs with /29 (or /27, /28) subnets then it’ll “just work”.
Ah, so basically, just have the pfSense hold the /26 as normal. Then create a VLAN with /29 with the pfSense at the gateway?
No, in this case you wouldn’t have the /26 configured anywhere. pfSense would just have the /30 on the ISP side and the /29 (/28, /27) on LAN side.
On the ISP side their router will look like this:
Interface 2 IP: a.b.c.1/30
Static route: d.e.f.0/26 → a.b.c.2
Your router then looks like this:
Interface 1 IP: a.b.c.2/30
Interface 2 IP: d.e.f.1/29
Interface 3 IP: d.e.f.9/29
Interface 4 IP: d.e.f.17/28 (or whatever you want to do with the remaining space)
Static Route: 0.0.0.0/0 → a.b.c.1
Ah, simple enough. If I had enough interfaces. I’d need like 8 LAN ports. So, it may be easier to break out to VLAN to a switch.
Thanks for the help.
Honestly it's very rare for me to use more than one LAN port on a router, unless it has an integrated switch, just VLANs on the single port. There are special cases but most of the family, nonprofit, freelance, and work routers have a single LAN port. I used “Interface” as a shorthand, the same applies whether the IP is on a physical or virtual interface.
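The interface layout given earlier in the thread, worked through as an added example that is not part of any poster's reply: it carves a routed /26 into aligned subnets in the order requested, gives the router the first usable address of each, and reports what is left over. The function name `carve` is hypothetical, and 203.0.113.0/26 (a documentation range) is a constructed stand-in for d.e.f.0/26.

```python
import ipaddress

def carve(routed_block, prefix_lengths):
    """Carve aligned IPv4 subnets out of routed_block, in the order requested.

    Returns (plan, free): plan has one entry per subnet with the router
    (gateway) interface address and the host range left for the customer;
    free lists the unallocated remainder as CIDR blocks.
    """
    block = ipaddress.IPv4Network(routed_block)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = []
    for plen in prefix_lengths:
        if not block.prefixlen <= plen <= 30:
            raise ValueError(f"/{plen} does not fit inside {block}")
        size = 1 << (32 - plen)
        # A subnet must start on a multiple of its own size; round up.
        start = -(-cursor // size) * size
        if start + size > end:
            raise ValueError(f"no room left in {block} for a /{plen}")
        net = ipaddress.IPv4Network((start, plen))
        hosts = list(net.hosts())
        plan.append({
            "network": str(net),
            "gateway": f"{hosts[0]}/{plen}",      # router interface IP
            "customer_hosts": (str(hosts[1]), str(hosts[-1])),
        })
        cursor = start + size
    free = []
    if cursor < end:
        free = [str(n) for n in ipaddress.summarize_address_range(
            ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(end - 1))]
    return plan, free

if __name__ == "__main__":
    # Constructed input: same shape as the thread's /29, /29, /28 layout.
    plan, free = carve("203.0.113.0/26", [29, 29, 28])
    for i, entry in enumerate(plan, start=2):
        print(f"Interface {i} IP: {entry['gateway']}  "
              f"customer hosts {entry['customer_hosts'][0]} to "
              f"{entry['customer_hosts'][1]}")
    print("Unallocated:", ", ".join(free) or "none")
```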