----- Original Message -----
> From: "Jason T. Slack-Moehrle" <slackmoeh...@gmail.com>
>
> Hi,
>
> > On Fri, Feb 10, 2012 at 11:00 AM, Jason T. Slack-Moehrle
> > <slackmoeh...@gmail.com> wrote:
> > > I am a little confused at how I would know if they are handing me
> > > a /29 or just 5 IPs?
> > >
> > > range: 75.xx.xx.25 - .29
> > > subnet: 255.255.255.248 (which is /29, IIRC)
> > > GW: 75.xx.xx.30
> >
> > Comcast has routed that /29 to your cable modem, and made those IPs
> > visible to you on the inside. They are not routing the /29 to your
> > pfSense box, else the pfSense box would have to have its own very own
> > IP address outside of that /29, and that'd be a total waste of address
> > space the IP for your firewall would need to be a /29 to route them to
> > you anyway (at least if you had any redundancy, such as a CARPed pair
> > of firewalls.)
>
> Yes, so it still stands that I need to have them create a /30 for me
> and route my /29 to the /30, put the /30 on my pfSense WAN port and
> the /29 on my DMZ…..
>
I've deleted all the previous messages, so perhaps I'm missing something... but why not just use proxy arp and NAT, keep the /29 on the WAN, and have your DMZ et al use reserved private IPs? Comcast may be unwilling to waste a /30 for your WAN, even if you're willing to pay.

Regards,
Adrian