I obtained a /29 block from ATT. And I plan to set it up this way, want to make sure this is ok.
RB4011 - ETH1 ONT, ETH2 ATT RG (VLAN bypass method only used for EAP with a bridge is working perfectly with pcunite's script- bridge is called BRIDGEWAN)
RB4011 - ETH3-ETH9 (LAN 192.168.x.x bridged - called BRIDGELAN)
/29 CIDR allocation
x.x.x.94 - GW IP
x.x.x.88/29 - Network
x.x.x.89-93 - usable IP
I could set it x.x.x.94 on BRIDGWAN and have it work. But I wanted to use another routable interface ETH10 on the RB4011 that directly plugs into my office ETH drop. I have my virtualized setup on that drop. Plan is to run this into a PFSense/OpnSense virtualized router and then have this feed IPs to VMs on the LAN (my PfSense server is an Intel Zeon-D 1567 12C/24T and has 4 nics on the MB). Right now only one server is planned so will end up using only one of the IPs in the range (88-93).
So currently I have set x.x.x.94 on ETH10 and run a DHCP server on that port to feed x.x.x.89-93. This works as of now (without the PFSense running since I am still setting it up). I understand there is no firewall operational so did this just temporarily.
Questions : Is this config safe if I have Pfsense in front of ETH10 ? And is the RB4011 firewall doing any firewall filters at all ? (I removed ETH10 from the BRIDGELAN and interface list LAN as all my rules use interface lists). I can see connection tracking in IP/firewall/connections but a tracert from my office PC shows next hop as ATT network node and not Mikrotik(192.168.88.1)
I would like to not run PfSense on BRIDGEWAN because its not feasible due to the location but possible in my office.