2 different subnets with 2 pfSense firewalls



  • Hi

    I am a newbie. My problem is about 2 different subnets using 2 pfSense firewalls: I can't ping or access whatever ports are open.

    Here is my design, but I don't know if it is a good idea. I also attached an image.

    I have 2 pfSense firewalls installed on generic desktop computers.

    My first computer has 2 LAN cards. The 1st LAN card is connected to the ISP modem, then the 2nd LAN card is connected to HUB1, on which I enabled DHCP from 192.168.50.1 up to 254, but my gateway is 192.168.50.254 so that I can access the web interface of pfSense. I set the firewall rules to allow all; all ports are open.

    My 2nd computer has 2 LAN cards. The 1st LAN card is connected to HUB1, and I assigned it a static IP of 192.168.50.194; this IP has full permission on the Internet connection. The 2nd LAN card is connected to HUB2, and I assigned 192.168.1.1 as the gateway; DHCP is also enabled there, from 192.168.1.1 up to 254.

    So all PCs connected to HUB1 are able to connect to and access the Internet connection as my default setup, and that is OK for me. Testing the same with HUB2, it can access websites.
    But I cannot ping 192.168.1.100, and I also can't remote in using RDP or VNC, even though the firewall rules on pfSense firewall 1 are set to allow all.

    But from the IP 192.168.1.100 I am able to ping 192.168.50.208, and even remote access works.

    My question is: is my network design OK or not? If it is OK, is there a way to access the IP 192.168.1.1?

    Sorry for my bad English; I hope you understand.



  • Netgate

    Just take a NIC out of firewall 2, put it in firewall 1, and put 192.168.1.1/24 there. No need for two firewalls.



  • Thanks for your reply.

    Yes, I did that already, but my motherboard has limited PCI slots for LAN cards: only 2 slots, plus the built-in one on the motherboard.



  • I'm planning to implement different subnets to control the ports. We have 8 departments, and for each department I want to use a pfSense firewall.
    See attached image.




  • Is it good to implement it like this?


  • Netgate

    You are going to be constantly fighting routing problems if you have hosts on the same transit subnet you have between routers.

    You need another interface on pfSense 1 for the web servers. Your job will be so much easier. Everything will magically "just work."

    If you only have one PCI (?) slot, get a dual-NIC card. Or get a managed switch and use VLANs.

    You also have problems with access between 192.168.1.0/24 and 192.168.2.0/24 but that can be handled with static routes (if you want to deal with that.)

    This is all SO MUCH EASIER with multiple interfaces in one router so every node's default gateway is the router with all the routes for the whole network.

    Do you really need to build a network for multiple web servers, and admin department, and engineering department and can't buy any gear at all? They expect you to do it all from the parts closet of old computers nobody has been able to bring himself to throw away?

    Why do the admin and engineering department have to be firewalled from each other? Why do they need to be separate subnets in the first place?
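The routing problem described in the reply above (hosts sitting on the transit subnet between the two routers) can be shown with a small forwarding simulation. This is an added example, not code from the thread or from pfSense: it models only longest-prefix-match IP forwarding, with no firewall rules, NAT or state tracking, using the addresses from the original post. The router names and the "WAN" marker for the ISP-facing default route are assumed labels.

```python
"""Forwarding-path simulation for the two-pfSense layout in this thread.

Added example (not from the thread, not pfSense code).  It models only
longest-prefix-match IP forwarding: no firewall rules, NAT or state
tables, so it shows the routing problem, nothing else.  Addresses are
the ones in the thread; the router names and the "WAN" marker for the
ISP-facing default route are assumed labels.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, Optional[str]]  # (prefix, next hop); None = connected
Tables = Dict[str, List[Route]]                        # router name -> routing table
Ifaces = Dict[str, str]                                # interface IP -> router name
Hosts = Dict[str, str]                                 # host IP -> default gateway IP


def net(cidr: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(cidr)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, the rule every IP router applies."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None


def trace(src: str, dst: str, hosts: Hosts, ifaces: Ifaces, tables: Tables,
          max_hops: int = 8) -> List[str]:
    """Nodes a packet from src to dst traverses, ending in a verdict.

    Hosts sit on /24s and deliver directly inside their own /24; otherwise
    they hand the packet to their default gateway.  Verdicts: 'delivered',
    'ISP' (sent out the default route), 'no route', 'loop'.
    """
    path = [src]
    if ipaddress.ip_address(dst) in ipaddress.ip_network(f"{src}/24", strict=False):
        return path + [dst, "delivered"]
    gateway = hosts[src]
    for _ in range(max_hops):
        router = ifaces[gateway]
        path.append(router)
        route = lookup(tables[router], dst)
        if route is None:
            return path + ["no route"]
        next_hop = route[1]
        if next_hop is None:            # connected network: hand to the host
            return path + [dst, "delivered"]
        if next_hop == "WAN":           # default route: leaves towards the ISP
            return path + ["ISP"]
        gateway = next_hop
    return path + ["loop"]


def routers_on(path: List[str], ifaces: Ifaces) -> List[str]:
    names = set(ifaces.values())
    return [n for n in path if n in names]


def symmetric(a: str, b: str, hosts: Hosts, ifaces: Ifaces, tables: Tables) -> bool:
    """True when the reply path crosses the same routers in reverse order."""
    fwd = routers_on(trace(a, b, hosts, ifaces, tables), ifaces)
    rev = routers_on(trace(b, a, hosts, ifaces, tables), ifaces)
    return fwd == list(reversed(rev))


# Thread's layout: pfSense2's upstream side (192.168.50.194) shares HUB1 with
# the 192.168.50.0/24 hosts, i.e. the hosts live on the transit subnet.
IFACES: Ifaces = {"192.168.50.254": "pfSense1", "192.168.50.194": "pfSense2",
                  "192.168.1.1": "pfSense2"}
HOSTS: Hosts = {"192.168.50.208": "192.168.50.254", "192.168.1.100": "192.168.1.1"}
AS_POSTED: Tables = {
    "pfSense1": [(net("192.168.50.0/24"), None), (net("0.0.0.0/0"), "WAN")],
    "pfSense2": [(net("192.168.50.0/24"), None), (net("192.168.1.0/24"), None),
                 (net("0.0.0.0/0"), "192.168.50.254")],
}
# Same layout plus a static route for 192.168.1.0/24 on pfSense1.
WITH_STATIC: Tables = {
    "pfSense1": AS_POSTED["pfSense1"] + [(net("192.168.1.0/24"), "192.168.50.194")],
    "pfSense2": AS_POSTED["pfSense2"],
}
# Recommended layout: one router with a dedicated interface per segment.
IFACES_ONE: Ifaces = {"192.168.50.254": "pfSense1", "192.168.1.1": "pfSense1"}
ONE_ROUTER: Tables = {
    "pfSense1": [(net("192.168.50.0/24"), None), (net("192.168.1.0/24"), None),
                 (net("0.0.0.0/0"), "WAN")],
}

if __name__ == "__main__":
    for label, ifaces, tables in [("as posted", IFACES, AS_POSTED),
                                  ("with static route", IFACES, WITH_STATIC),
                                  ("one router", IFACES_ONE, ONE_ROUTER)]:
        print(f"== {label}")
        for a, b in [("192.168.50.208", "192.168.1.100"), ("192.168.1.100", "192.168.50.208")]:
            print("  ", " -> ".join(trace(a, b, HOSTS, ifaces, tables)))
        print("   symmetric:", symmetric("192.168.50.208", "192.168.1.100", HOSTS, ifaces, tables))
```

Run as posted, the 192.168.1.100 to 192.168.50.208 direction is delivered by pfSense2 alone, while the reverse direction reaches pfSense1, which has no route for 192.168.1.0/24 and sends it out its default route: exactly the one-way reachability in the first post. The static route makes the model forward the packet via pfSense1 then pfSense2, but the return path still crosses only pfSense2, so the paths stay asymmetric; a real pfSense2 also applies its firewall rules and NAT on the 192.168.50.194 side, which the model ignores. With both segments on one router, both directions cross the same router and the paths are symmetric.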


  • Rebel Alliance Global Moderator

    No, that is not how it would be done. Even if you wanted to use multiple pfSense firewalls, that is NOT how it would be done.

    Completely agree with Derelict; this would be much easier with just 1 pfSense and multiple segments. If you have spare hardware, set up CARP, etc.