OK, its been a few days and now I am all up and running I thought I would add some instructions in here that got me all setup and going. These instructions were good for my setup where I have 13 useable addresses assigned and I use NAT to redirect traffic for those addresses to my internal devices.

Nothing needed doing on the Draytek, it works as advertised, all plug and play 😉

The pfsense side has a few configuration steps, so here goes...

On the Firewall -> Virtual IPs page, create a set of IP alias entries, one for each address in the useable range supplied to you by BT (in my case I have 13 of them) assign these to your WAN interface.

On the Firewall -> NAT page, create 1:1 associations from your external IP addresses to your internal IP addresses as necessary.

On the Firewall -> Rules page create any rules to allow traffic in/out of your network, e.g. I have a rule that allows only traffic on port 25 (SMTP) to my email filter appliance.

Create a WAN interface, set its type to PPPOE and enter your BT supplied username and password (this is important as I believe these determines which addresses BT will be routing to you and was the original reason for this forum post)

Create a Gateway, clear out the gateway ip address field and tick the default gateway box, set the Interface to the one created above and IP4 as the address family (BT doeasnt yet support IPV6).

By default, the firewall interface for PPPOE will receive an address from BT when the link is negotiated, this is not the correct address if we want external connections to the firewall (I have a VPN connectioin from home). In order to assign the correct gateway address to the firewall, do the following...

1. In the Interfaces GUI, setup PPPoE on your WAN without any IP addresses (because you can't do it in the GUI) and save. This makes a mpd_wan.conf
2. From the console;
   
   > cp /var/etc/mpd_wan.conf /conf
    
3. In the GUI, Diagnostics->Edit File, load /conf/mpd_wan.conf
4. In the pppoeclient: section, add the line:
   
   set iface addrs !1.2.3.4 9.8.7.6
   
   (Before the create link commands) - 1.2.3.4 is YOUR gateway address as given by BT, 9.8.7.6 is the address assigned by BT when the PPPOE link connects, but I believe can be anything you like.
   
   Normally, mpd configures the interface with the IP addresses that were negotiated when connecting the link. Since dial-on-demand configures the interface before actually connecting, mpd has to be told initial local and remote IP addresses to give the interface. These addresses don't have to correspond to the ``real'' ones; in fact, both addresses can be completely fictional. If and when different addresses are negotiated later, mpd will automatically renumber the interface and adjust the routes.
   
   
5. Save the file
6. Do something to restart the interface - e.g. hit save on Interfaces->WAN or even reboot, the conf will be preserved across reboots.
7. From the console, you can verify that /var/etc/mpd_wan.conf is now a link (optional):
   
   > ls -l /var/etc/mpd_wan.conf
   lrwxr-xr-x  1 root  wheel  18 Mar 19 16:17 /var/etc/mpd_wan.conf -> /conf/mpd_wan.conf

Now, take a look at the PPP page on Status -> System Logs, this should show a trail of PPPOE connection attempts to BT via your Draytek, for some reason, my setup can take up to 15 attempts before a connection is established and addresses etc configured.

And thats it, you should be able to see the outside world!

Your final job is to setup reverse DNS for your external addresses (especially if you are using email as some servers dont like mismatched forward and reverse DNS entries), so, go to HERE and fill in the form for whatever you need. Note: It may take 2 or 3 days for the reverse DNS entries to become active.

This is all based on trial and error along with hunting around for hints on how to do this, there may be other/better ways, but I know this works (for me at least).

You may want more setup on your firewall for traffic shaping etc, but that falls beyond the scope of simply getting connected so I leave that as an exercise for the reader. 

I hope this helps someone, Good Luck. 

This isn't for the Draytek ... but I just want to encourage people like me who might be a little intimidated by the static IP / pfSENSE set-up.

I have an old separate ECI modem for Infinity:

NGA ECI-CPE-MODEMS TYPE 18 ... model B-FOCUS V-2Fub/r Rev. B

But I want to talk about pfSense & PPPoE ... assuming a capable modem.

I'm using QOTOM-Q190G4-S02 OEM New Barebone J1900 4 LAN Mini PC from Amazon that came within a couple of weeks I think (had to pay import fees on it), and I added 4GB Ram and maybe a 64GB mSATA (just based on price and availability ... I'll only use a fraction of that space).  pfSense: 2.3.3-RELEASE-p1

My experience was this:

I set-up one of the 4 intel nics / interfaces for the WAN and set-up PPPoE.  I used the credentials given me (username & password) when I bought the BT Business Infinity package years ago along with 8 (5-usuable) static IPs.  I entered an MTU of 1492. Ignoring IPv6 just for a moment (no configuration).

Under Firewall-Virtual IPs I entered 5 Virtual IPs of IP Alias type ... I have 5 so I'd enter (obscuring my IPs with **):

81.137.**.**/29
81.137.**.**/29
81.137.**.**/29
81.137.**.**/29
81.137.**.**/29     ... all against the WAN interface

And as far as I recall ... THAT'S IT ... DONE. (Obviously you need to set-up the other interface(s) how you want them).

It works.  In fact, the line connection established in a few seconds rather than the half minute my old Business Hub 3 used to take.  And I saw a significant rise in download/upload rate. I'm still on an older tarriff that no longer exists ... BT want me to go on a higher more expensive one, but on my line, 1-mile from the exchange but not a great line, I'm consistently seeing 60Mb down, 13Mb up.

The connection details won't say anything about the static stuff ... you only see the dynamic IP, Gateway etc.

I can use the Virtual IP whereever I want.

Example:

1:1 Nat is a choice.  I'm using it for two hMailServer MX's + IIS Reverse Proxy (Compute Stick & a VM)  (I'm comfortable with IIS for ARR ... I do know about the options on pfSense itself for reverse proxying) ... and a 3rd 1:1 Nat for my main protected hMailServer installation.  I'm not sure about reverse proxying 993 & 587 yet & maybe I can do the rDNS and bindings on such a reverse proxy ... but for now, for those ports, I route direct to my "non-DMZ" mailserver.  Anyway - NAT 1:1 ... it's convenient.  I can set-up Firewall rules as appropriate.

Port-Forwarding can be a complement choice or a choice on it's own ... it basically sets-up a Firewall rule & a NAT context.  I can forward from any Virtual IP to an IP on any of my 3 physical separate private LANs (and presumably vLANs when I get round to that).  (Eventually I'll want to firewall-partition my private LANs & vLANS of course with only specific rules ... not got round to that yet).  (Only been at this a couple of days).

Outbound NAT ... now I haven't tried this yet so I might not understand it correctly ... but looking at it, I believe I could set a rule for a LAN net (private LAN) so that any outgoing stuff from an entire LAN net can be NAT'd against one of the Virtual IPs.  But I haven't tried it, and will have to see how conflicts with other NAT rules work-out ... seems to be rule-order based.

Anyway - huge amount of flexibility.  I put off pfSense for ages, thinking it would be complicated!  But at the basic level, getting my BT connection with 5 static IPs working on it ... it's EASY!  That's my experience anyway.

Give it a go!  (Have a couple of intel Nics ... try it out virtually first ... but I'm very happy with that cheap machine I bought from China ... so far with 8 physical/virtual machines going through the pfSense box I haven't hit 1% yet in terms of available NAT states in the state table, and even after granting lots of resources to DNS Resolver etc. and other stuff, I'm only using 5% memory.  I once saw CPU usage go up to 7% rather than zero %.)  (I'll be putting a number of packages onto the box over time, and might see a rise in server traffic over time).