Netgate Discussion Forum
    Routing between two pfsense systems - is this how you do it?

    Category: Routing and Multi WAN
    3 Posts 2 Posters 1.1k Views
    martta:

      Hello,

      Setup:
      I have two pfsense systems behind a cable modem with a four-port switch.
      Modem 192.168.2.1
      FW1 192.168.2.100
      FW2 192.168.2.101

      FW1 LAN 10.10.10.0/24
      FW2 LAN 10.10.11.0/24

      My goal was to allow clients on both LANs to communicate with one another. I got it to work, but I don't know if I did it right, so I'm mostly interested in a best practice.

      What I did (after lots of trial and error):
      I set up a static route in the modem for each firewall's LAN, like
      dest 10.10.10.0 gw 192.168.2.100
      dest 10.10.11.0 gw 192.168.2.101

      Then I added a rule in each firewall, allowing traffic from the other firewall's LAN.
      So in FW1 I have something like this:
      pass any protocol from the network 10.10.11.0
      And of course the opposite in FW2.

      This was the most elegant solution I found and I like it compared to all the other messing around I did. But is this how one should do it?

      Things I have tried before the current solution:
      1. I tried using RIP to have the firewalls somehow communicate the routes with the modem, but that didn't seem to work. Maybe it's just the Comcast Business class modem that isn't capable of such things.
      2. I tried making each firewall a second (non-default) gateway and creating the static route in the firewall, instead of the modem. That sort of worked but not consistently, and as far as I understand, I shouldn't do that because the traffic still goes through the default gateway.

      If anyone has comments on my setup, I would be glad to either be corrected on it, or to find out that I did it well. Thanks in advance, and I want to say I really like pfsense and advocate it wherever I can.

    podilarius:
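      The path described in the post above (static routes on the modem, a pass rule on each firewall for the other LAN) traced hop by hop, as an added example that is not from the original thread. It is a constructed Python model of the posted topology, not pfSense code: the upstream hop 203.0.113.1 is a placeholder for the ISP side, and the model ignores NAT. That last point is a real caveat for this design: with pfSense's default automatic outbound NAT, traffic from FW1's LAN leaving the WAN toward 10.10.11.0/24 is translated to 192.168.2.100, so the rule on FW2 must either match that WAN address or FW1 needs an outbound NAT exception for the other LAN; the WAN "Block private networks" option must also be off, since the inbound source is RFC1918. The build flags let you switch off the modem routes or the firewall rules and see which piece breaks the path.

```python
import ipaddress

# Constructed model of the topology described in the thread. The three
# addresses are the ones posted; UPSTREAM is a placeholder for the ISP hop.
MODEM, FW1, FW2 = "192.168.2.1", "192.168.2.100", "192.168.2.101"
UPSTREAM = "203.0.113.1"


class Router:
    """A router with a static routing table and an optional WAN-ingress filter."""

    def __init__(self, name, address, lan, routes, wan_allow=None):
        self.name = name
        self.address = ipaddress.ip_address(address)
        self.lan = None if lan is None else ipaddress.ip_network(lan)
        # (prefix, next_hop); next_hop None means the prefix is directly connected
        self.routes = [(ipaddress.ip_network(p), nh) for p, nh in routes]
        # Source networks allowed in on WAN (a pfSense-style pass rule); None = no filtering
        self.wan_allow = None if wan_allow is None else [ipaddress.ip_network(n) for n in wan_allow]

    def lookup(self, dst):
        """Longest-prefix match over the routing table; returns (prefix, next_hop) or None."""
        best = None
        for net, nh in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best

    def admits(self, src):
        """Own-LAN sources pass (pfSense default LAN rule); anything else meets the WAN rule."""
        if self.lan is not None and src in self.lan:
            return True
        if self.wan_allow is None:
            return True
        return any(src in net for net in self.wan_allow)


def build_lab(modem_static_routes=True, wan_rules=True):
    """Build the modem and both firewalls; flags remove one piece of the design at a time."""
    modem_routes = [("192.168.2.0/24", None), ("0.0.0.0/0", UPSTREAM)]
    if modem_static_routes:
        modem_routes += [("10.10.10.0/24", FW1), ("10.10.11.0/24", FW2)]
    modem = Router("modem", MODEM, None, modem_routes)
    fw1 = Router("FW1", FW1, "10.10.10.0/24",
                 [("10.10.10.0/24", None), ("192.168.2.0/24", None), ("0.0.0.0/0", MODEM)],
                 wan_allow=["10.10.11.0/24"] if wan_rules else [])
    fw2 = Router("FW2", FW2, "10.10.11.0/24",
                 [("10.10.11.0/24", None), ("192.168.2.0/24", None), ("0.0.0.0/0", MODEM)],
                 wan_allow=["10.10.10.0/24"] if wan_rules else [])
    return {r.address: r for r in (modem, fw1, fw2)}


def trace(lab, src, dst, max_hops=8):
    """Follow one packet from the source LAN's gateway; return (hops, outcome)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    node = next(r for r in lab.values() if r.lan is not None and src in r.lan)
    path = [node.name]
    for _ in range(max_hops):
        if not node.admits(src):
            return path, f"blocked by {node.name}"
        match = node.lookup(dst)
        if match is None:
            return path, f"no route at {node.name}"
        _net, nh = match
        if nh is None:
            return path, "delivered"
        nh = ipaddress.ip_address(nh)
        if nh not in lab:
            # Default route toward the ISP: private-destination traffic leaks out
            return path, f"leaves lab toward {nh}"
        node = lab[nh]
        path.append(node.name)
    return path, "hop limit"


if __name__ == "__main__":
    lab = build_lab()
    print("FW1 LAN -> FW2 LAN:", trace(lab, "10.10.10.5", "10.10.11.7"))
    print("reply:             ", trace(lab, "10.10.11.7", "10.10.10.5"))
    print("no modem routes:   ", trace(build_lab(modem_static_routes=False), "10.10.10.5", "10.10.11.7"))
    print("no WAN pass rules: ", trace(build_lab(wan_rules=False), "10.10.10.5", "10.10.11.7"))
```

      Both directions hairpin through the modem (FW1, modem, FW2 and back), which is why the pass rule is needed on each firewall's WAN and why the modem needs a route for each LAN: drop the modem routes and the packet follows the modem's default route out toward the ISP instead of being dropped locally.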

        Why run 2 firewalls? One firewall could do that. You could also set up a larger subnet and have both in the same network. That is of course if you are allowing all traffic to pass between the two networks. For the setup you have going, that seems to be the best way to get it done.

    martta:

          Well, that's a good question :)

          I found another (hopefully more reliable) machine that I intended to use as my main - and only - firewall in the future. For now, I just wanted to get it installed and hopefully test some of the cool stuff with pfsense that I wouldn't want to do on my production firewall. So I thought I'd run my own little testing system and maybe put a few select users on it but I also wanted to be able to access printers etc. behind the main firewall. That's why I'm doing this.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.