Please tell me how to link 3 networks together
-
Okay, first post here so please go gently with me and type very, very slowly so that I can understand.
I have three separate networks, all at the same location. Each has its own router, doing the DHCP thing and dealing with some fixed IP devices. Two of the three networks have a modem, connected to internet with different ISPs. For the sake of argument, we'll call the networks:
192.168.0.XXX
192.168.1.XXX
192.168.2.XXXI want to connect all three networks together to share resources like printers and servers for file backup plus some shared archive data. But each needs to remain free-standing with it's own router so that if any of the other networks (or whatever is connecting them together) goes down they can continue to function stand-alone as before. So a single router configuration isn't an option, all three existing routers need to remain in place and not becomes slaves of another device.
If we can team the two internet connections together to get faster throughput or fall back facility then that would be a bonus but it's not the be all and end all and I'm happy for internet connections to remain tied to the individual sub-networks if that's how it has to be.
Can I achieve the inter-connection I'm looking for by running pfSense on a discreet PC fitted with a 4 port LAN card, connected to each of the present networks?
If so, can you talk me how to get where I need to be? If not, can anyone suggest another way around it? Many thanks.
-
IMHO you need to replace the routers. That device is doing the…routing. Connecting different networks together is essentially creating new routes.
You could put pfSense behind the routers, but then you'd need to disable any NATing that the router does and let pfSense handle that as well as creating the new routes. Rather than maintain the two, it would be easier to replace the router with pfSense so you only need to manage one device.
-
Sadly, I don't have an option to combine everything with a single router. I have to maintain their potential for independence if something goes awry. We've been there. done that and had the problems. Also, one of the networks has multiple high definition CCTV cameras and servers on it so can hog a lot of bandwidth - I want to keep the other two networks as clean as possible rather than having throughput dragged down.
Going out and back again via the internet to use VPNs isn't an option either because the upload and download speeds in our locale are pretty chronic.
Any other ideas of how we can do it? I'm happy to put some time into configuring router settings if that's what it takes.
.
-
You can set up two pfSense routers in parallel as a failover pair. They will also do traffic shaping and QoS.
I run two WANs and two LANs off of the same pfSense box without any issues. They are extremely customizable, but it requires work and planning.
Or you can replace all three routers with three different pfSense boxes. With a layer 3 switch you can vLAN everything and create separate routes between the pfSense routers and their LANs using vLANs.
-
so can you make other connections to these routers, what routers do you have?
If you can make another connection to these routers then you don't even need pfsense, unless you were wanting to firewall between the segments. If your wanting to put pfsense downstream it can be done but more of pita. And you going to be hairpinning connections and not optimal setup and you can have asymmetrical routing issues without transit network unless you did host routing
If your routers can have another interface with a different network its really simple.
So on router 1 you create routes
192.168.2.0/24 172.16.0.2
192.168.3.0/24 172.16.0.3on middle router
192.168.1.0/24 172.16.0.1
192.168.3.0/24 172.16.0.3router on the right
192.168.2.0/24 172.16.0.2
192.168.1.0/24 172.16.0.1Bing bang zoom all your networks are connected.. If you trying to put pfsense downstream of them all its kind of pita and you have issues with asymmetrical.. Unless your switches can do vlans and your routers can do vlans if you only have 1 interface.. If not I would prob put pfsense upstream and use it for your wan connections - this would allow you leverage both your wan connections in a load balance or failover setup. See 2nd attachment.