We have a CCR connected to fiber internet. The provider hands us an external IP (80.19.60.20/32, gw 185.42.11.236) via PPPoE plus an extra subnet (89.19.61.248/29).
The “main IP (80.19.60.20)” is the IP for the CCR.
What I would like to do is use 2 IP addresses from the extra subnet to stay on the CCR (1x own server, 1x PBX) and use the rest of the IPs for a customer's firewall (Checkpoint) via DHCP.
I got it running if I let the subnet pass through to the Checkpoint, but I can't seem to split the subnet and use DHCP for 4 IPs to be handed to it.
How would I be able to do this?
The CCR is live with customers connected to it, so I'd rather not fiddle too much on it.
I have a similar setup as you. You need to assign an IP to a separate interface with the routed /29 address (e.g. port2 with IP 89.19.61.249/29), and then connect all other clients to that interface, either via a switch or by bridging additional interfaces to port2. Note that the first and last IP in their range (.248 and .255) are not usable, and .249 is used as your router on port2, so your other clients should be assigned from the .250 to .254 range.
Additionally, you’ll need to exclude the srcnat masquerade for your /29 subnet source, else the outgoing requests from those servers will be “NAT” under your main WAN.
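The setup described in the reply above, written out as RouterOS commands (an added example, not part of the original posts). The interface names `ether2` and `pppoe-out1`, the pool and server names, and the choice to keep .250 static while leasing .251 to .254 are assumptions.

```routeros
# Added example. ether2 stands in for "port2" and pppoe-out1 for the PPPoE WAN
# interface; both names are assumptions, substitute the real ones.

# The router takes the first usable address of the routed /29 on the inside port.
/ip address
add address=89.19.61.249/29 interface=ether2 comment="gateway for routed /29"

# Assumed split: .250 is configured statically on a host,
# .251-.254 are leased by DHCP to the device behind ether2.
/ip pool
add name=pool-routed29 ranges=89.19.61.251-89.19.61.254

/ip dhcp-server
add name=dhcp-routed29 interface=ether2 address-pool=pool-routed29 disabled=no

/ip dhcp-server network
add address=89.19.61.248/29 gateway=89.19.61.249

# Exclude the /29 from source NAT so these hosts leave with their own public
# addresses instead of the main WAN IP. srcnat rules are evaluated top-down,
# so this accept rule has to sit above the existing masquerade rule;
# check the order with "/ip firewall nat print" and move it if needed.
/ip firewall nat
add chain=srcnat action=accept src-address=89.19.61.248/29 \
    out-interface=pppoe-out1 comment="no NAT for routed /29"
```

Because these hosts are no longer hidden behind masquerade, traffic to them passes through the forward chain, so the filter rules there decide what is reachable from the internet.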