ISP passing more IPs through /30

Nandoskid

Let's say my ISP is giving me 10.0.0.0/32, and they say:
-> My Internet facing IP is 10.0.0.2
-> My gateway is 10.0.0.1

1 year later I ask for more IPs (as I will need to), and they allocate a block of, let's say for this example ... 10.0.0.16/28.

How do they make these IPs available to my virtual interfaces through the existing IP of 10.0.0.2? Is it as simple as them making a routing rule on their side saying "to get to 10.0.0.16/28, go to 10.0.0.2", where it will hop onto my side and the virtual interfaces take over?
 

Gryz

Most likely you will receive an extra prefix with IP addresses you can use, which is unrelated to the IP address your router gets via DHCP on its outside link. It's not sent via DHCP (or PPP). It's given to you via email or a letter. You'll have to configure that prefix on your own router, on the internal interface. And you'll have to disable NAT.

I don't think there is a way for routers to exchange such an IPv4 prefix via DHCP. There is for IPv6. It is called prefix delegation. It's part of DHCPv6. https://en.wikipedia.org/wiki/Prefix_delegation

Example:
Your provider uses 100.100.100.100/30 for the link between you and their router. Your router gets IPv4 address 100.100.100.2/30 and default gateway 100.100.100.1. 100.100.100.2 will be the IP address of the external interface of your router. You get a note or email telling you that you get 200.200.200.0/24 as your own prefix. You then manually configure the internal interface of your router with an address out of the 200.200.200.0/24 range, e.g. 200.200.200.1. Your router will then assign IPv4 addresses to the devices on your home network via DHCP, out of the 200.200.200/24 range.

Some routers can assign a large range of public IP-prefixes on their external interface. So you can still do NAT. E.g. you have 16 public IP addresses that are translated to several hundreds or more internal devices. I think that still has to be done via manual configuration of your router. And most home-routers will not support it.
 

Nandoskid

This business setup doesn't have DHCP on WAN. The current setup is that their pfSense has a static WAN IP address in place. My understanding is that I go to pfSense, and under 'Firewall > Virtual IPs' I am to create, as needed, a virtual IP on that WAN port, assigning it the IP/prefix as needed. From there I set up NAT, and point traffic to the right internal VLAN.

One thing I am trying to read up on, in case I need it, is how to configure the pfSense box to not handle the extra IP, but to allow a server to have one of its NICs obtain one of the WAN static IPs, assigned to it statically.

Thanks for your input.
 

Genx87

Do you want the server behind the firewall? Or to have it directly connected to the ISP?

Behind the firewall you NAT its internal to a public.
Directly connected you will need a switch between the ISP and your firewall + server. Plug the firewall + server into the switch.
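
Added example, not part of any post in the thread: a short Python check that classifies whether an extra block arrives routed via the WAN address (the case asked about in the first post) or sits on the WAN link itself, and how many addresses each use leaves. The function name `plan_extra_block` and its result keys are hypothetical; the sample addresses are the thread's, with the /30 link from the title.

```python
import ipaddress

def plan_extra_block(wan_if, gateway, extra_block):
    """Classify how an additional ISP block reaches the customer router.

    wan_if      -- router WAN address with prefix length, e.g. "10.0.0.2/30"
    gateway     -- ISP-side next hop on that link
    extra_block -- the additionally allocated prefix, e.g. "10.0.0.16/28"
    """
    wan = ipaddress.ip_interface(wan_if)
    gw = ipaddress.ip_address(gateway)
    block = ipaddress.ip_network(extra_block, strict=True)

    # The gateway has to be a neighbour on the WAN link, otherwise the
    # addressing plan itself is inconsistent (e.g. a /32 link mask).
    if gw not in wan.network or gw == wan.ip:
        raise ValueError(f"gateway {gw} is not a neighbour of {wan.ip} on {wan.network}")

    if block.overlaps(wan.network):
        # Block shares the WAN subnet: the ISP will ARP for each address on
        # the link, so something there must answer (a virtual IP on the
        # firewall, or a server plugged into a switch in front of it).
        return {"delivery": "on-link", "isp_route": None,
                "lan_hosts": 0, "nat_addresses": 0}

    # Block is outside the WAN subnet: the ISP needs a static route with the
    # router's WAN address as next hop. No ARP happens on the WAN link.
    size = block.num_addresses
    return {
        "delivery": "routed",
        "isp_route": f"{block} via {wan.ip}",
        # Configured as a subnet on an internal interface: network and
        # broadcast addresses are lost, plus one for the router itself.
        "lan_hosts": size - 3 if block.prefixlen <= 30 else 0,
        # Used only as NAT targets on the firewall: every address is usable.
        "nat_addresses": size,
    }

if __name__ == "__main__":
    # Sample values taken from the thread's example (link mask from the title).
    print(plan_extra_block("10.0.0.2/30", "10.0.0.1", "10.0.0.16/28"))
```
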