Routing 2 Router LANs under a Third Router
-
That's the major task of routers.
You just have to add static routes to tell the routers which network is behind the other ones. Assuming behind Router 3 is the internet seen from the others, 192.168.0.1 has to be the default gateway on Router 1 and Router 2.
On Router 3 you have to add 2 static routes:
- 192.168.2.0/24 > 192.168.0.2
- 192.168.3.0/24 > 192.168.0.3
-
A major mistake people make with pfSense in such a scenario is adding the gateways on the interfaces themselves.
Don't do that.
Create the gateways in System > Routing on the appropriate interfaces but DO NOT add them on the interface configurations themselves.
Then, also in System > Routing create static routes.
If you are feeling randy, install the FRR package and exchange routes via OSPF.
-
@derelict I added the gateway in the WAN interfaces of Router 1 and 2 because Router 3 is the Internet Gateway. Will the internet still be accessible if the WAN interfaces of Router 1 and 2 don't have a gateway?
-
That depends on how that router handles traffic.
You have two problems:
- What happens to the traffic generated by devices behind that router such as wireless clients. If you have adhered to the advice of connecting a LAN port to your network that is bridged to the wifi and the wifi clients get the address of pfSense as their default gateway this should be a non-issue. If the router is actually routing this could hurt you.
- Accessing the router management itself. Setting a gateway for this traffic or using an Outbound NAT trick is required to access this interface from subnets other than the one it is on.
-
@Derelict I am sorry but I am really new to pfSense and static routes. How do I do the proper setup for the 3 routers? Router 3 has the Internet connection, Router 3 LAN is connected with Router 1 and 2 WAN.
-
Just like the Layer 3 switch here. Except you also have to worry about routing between routers 1 and 2 if the subnets behind them need to talk with each other. That will all be handled on those routers.
-
@Derelict Thanks a lot...will update for reference.
-
@Derelict I tried
- removing the default gateway of the WAN in Router 1 and 2
- created gateway 0.3 on Router1 with static route to 3.1 and Pass Rules (set gateway on the rule)
- created gateway 0.2 on Router 2 with static route to 2.1 and Pass Rules (set gateway on the rule)
But pfSense automatically set WAN gateway for each Router to the new gateway I made.
I do get the two LANs connected but Router 1 internet passes thru Router 2 before going to Router 3 then Internet. Same happens to Router 2. I do have squidguard installed, does this affect the default gateway?
How do I fix this?
-
Please post screenshots of at least one of the routers. I can't tell what you have actually done with those descriptions.
-
@Derelict
Router 1 (refer to image):
- LAN IP: 192.168.8.3 Subnet : 192.168.8.0/24
- WAN IP: 192.168.88.7
- Firewall Rules > LAN:
PASS - Source: LAN NET - Destination: 192.168.4.0/24 - Gateway: 192.168.88.4
- Does not work if no WAN default gateway is set
- Works if WAN default gateway is set to 192.168.88.4 but internet connection passes thru Router 2
Router 2 has opposite settings of Router 1:
- LAN IP: 192.168.4.1 Subnet : 192.168.4.0/24
- WAN IP: 192.168.88.4
- Firewall Rules > LAN:
PASS - Source: LAN NET - Destination: 192.168.8.0/24 - Gateway: 192.168.88.7
- Does not work if no WAN default gateway is set
- Works if WAN default gateway is set to 192.168.88.7 but internet connection passes thru Router 1
Router 3 (Connects to Internet)
- LAN IP: 192.168.88.6 Subnet: 192.168.88.0/24
- WAN IP: DHCP
- No Firewall Rules and static routes
-
@azmodeuz said in Routing 2 Router LANs under a Third Router:
Firewall Rules > LAN:
PASS - Source: LAN NET - Destination: 192.168.8.0/24 - Gateway: 192.168.88.7
No. You need to pass sources 192.168.2.0/24 and 192.168.3.0/24 into LAN. Do NOT set a gateway on those rules.
Imagine yourself sitting in one of the routers. You say "I have a packet for 192.168.X.X. What next hop do I need to send it to? Consult my routing table. I have a route for 192.168.X.X - I send that traffic to next-hop Y.Y.Y.Y (the route's gateway)."
If you are unfamiliar with all of this why are you making it so complicated?
Please get it working with one then move to the second. Far less to look at and communicate.
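
The routing-table lookup described in the reply above, as an added example that is not part of the thread: it traces packets hop by hop through the three routers using the addresses azmodeuz posted, once with Router 1's default gateway pointing at Router 2 (192.168.88.4) and once pointing at Router 3 (192.168.88.6). The static routes, Router 2's default, the `UPSTREAM` marker and the destination 203.0.113.10 are assumptions made for the model.

```python
import ipaddress

UPSTREAM = "internet"  # stands in for Router 3's DHCP WAN next hop (assumption)

def next_hop(routes, dst):
    """Longest-prefix match; returns None for a directly connected network."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(routers, start, dst, max_hops=8):
    """Follow next hops router by router; return the routers crossed."""
    owner = {r["transit"]: name for name, r in routers.items()}
    path, here = [start], start
    for _ in range(max_hops):
        hop = next_hop(routers[here]["routes"], dst)
        if hop is None:          # destination sits on a connected network
            return path
        if hop == UPSTREAM:
            return path + [UPSTREAM]
        here = owner[hop]        # router that owns the next-hop address
        path.append(here)
    raise RuntimeError("routing loop: " + " > ".join(path))

def build(r1_default):
    """Routing tables on the thread's addresses; static routes are assumed."""
    transit = ("192.168.88.0/24", None)
    return {
        "Router1": {"transit": "192.168.88.7", "routes": [
            ("192.168.8.0/24", None), transit,
            ("192.168.4.0/24", "192.168.88.4"),   # static route to Router 2 LAN
            ("0.0.0.0/0", r1_default)]},
        "Router2": {"transit": "192.168.88.4", "routes": [
            ("192.168.4.0/24", None), transit,
            ("192.168.8.0/24", "192.168.88.7"),   # static route to Router 1 LAN
            ("0.0.0.0/0", "192.168.88.6")]},      # assumed: default is Router 3
        "Router3": {"transit": "192.168.88.6", "routes": [
            transit,
            ("192.168.8.0/24", "192.168.88.7"),   # return path to Router 1 LAN
            ("192.168.4.0/24", "192.168.88.4"),   # return path to Router 2 LAN
            ("0.0.0.0/0", UPSTREAM)]},
    }

if __name__ == "__main__":
    for label, gw in (("as posted", "192.168.88.4"), ("via Router 3", "192.168.88.6")):
        print(label, trace(build(gw), "Router1", "203.0.113.10"))
```

Only the default route changes between the two runs; traffic for 192.168.4.0/24 takes the more specific static route in both, with no gateway set on any firewall rule.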