4. Using pfsense to forward all traffic to another pfsense

Using pfsense to forward all traffic to another pfsense

  • S

    Hello

    Originally I had:

    WAN -> Draytek router -> small Switch -> PFSENSE 1 ->  LAN  (high avail)
                                                                -> PFSENSE 2 -> LAN    (high avail)

    I was dual NATING but it worked fine and I actually preferred having it.

    I was forced to remove the Draytek, and now I have:

    WAN    -> PFSENSE1 -> LAN  (high avail)
    empty  -> PFSENSE2 -> LAN  (high avail)  (I have to manually plug the WAN cable into PFSENSE2 when PFSENSE1 box fails)

    What I want to have again is a router after the WAN cable and before PFSENSE1/2, so I can have true high availability.

    I was thinking on using another PFsense box for the router.

    WAN -> PFSENSE ROUTER -> small switch -> PFSENSE1 -> LAN  (high avail)
                                                                    -> PFSENSE2 -> LAN  (high avail)

    I tried this method above, and everything worked, except Dual Nating.  I could not open ports from PFSENSE ROUTER -> PFSENSE1 -> LAN client.

    Whats the best way to go at this?

    I also need PFSENSE ROUTER to preserve the manual Outbound static ports defined on PFSENSE1 for voip calls to work.

    0
  • V

    Why don't you connect the switch to WAN directly? If you do so you can drop out one point of failure.

    0
  • S

    @viragomann:

    Why don't you connect the switch to WAN directly? If you do so you can drop out one point of failure.

    Because CARP requires 3 addresses and my ISP only provides /30 on their subnet.

    0
  • V

    There is no need for the 3 addresses to be in the same subnet since version 2.2. You may set the interface addresses to a private subnet.

    However, this solution prevents the backup box from accessing the internet and getting updates, cause this require the unique public IP which is occupied by the master. I don't know, if there is a workaround for that, otherwise you will have to switch the master box in "CARP maintenance mode" for updates.
    However, fail-over would go automatically, so for me this would be the better solution.

    0
  • S

    The inside boxes are running 2.1.5.

    Either way, I am looking for the best way to pass all traffic from the PFsense router -> PFsense1. Dual-nating or DMZ? how to make a DMZ? isn't DMZ a port forwarding of all traffic instead of just one port?

    Because my previous test of dual nating a single port failed, and I am wondering what could possibly be happening or if there is something I dont know about.

    Dual nating worked well with draytek -> Pfsense1

    0
  • B

    You can enable UPnP, and try out. In most cases, it works.

    0
  • A

    I have a simular question, I just want to use both at the same time and have both access each others LAN (both have the same multiple VLAN interfaces)

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy