Extending a Network with an Additional Router



  • I have a server sitting in a room where it only has one ethernet connection wired through the wall that connects me to my pfsense. This server has two nics and I want to put them on different subnets but because I don't have direct access to my pfsense or a managed switch, I have no way of connecting each interface to a different subnet. I was wondering if this could be solved by adding an additional router I have already that isn't being used, and plugging the ethernet connection from the wall into the additional router.

    Specifically I was wondering if it was possible to somehow use this to let me control the creation of additional subnets on my pfsense by putting the router in a different mode, kind of like how you can stick your ISP's router into bridge mode and let pfsense control your network.

    If that isn't possible I was wondering if I could just use this extra router to create a whole new network. What I wasn't sure of is if I went this route would that mean there would be no way of me connecting to that network if I were on the regular pfsense network? Or at least it would be more difficult.

    If there is a better alternative that I'm not considering that would be great too.

    I drew a little description of what I'm thinking of in case it isn't clear.

    Here's what I currently have

    
      +-------------------------+ +----------------------------+
      |                         | |             +--------+     |
      |                       +-----------------+ Switch |     |
      |                       | | |             +--------+     |
      |                       | | |                   |        |
      |      +---------+      | | |                   |        |
      |      | pfsense |      | | |                   |        |
      |      |         |      | | |                   |        |
      |      +---------+      | | |                +  |        |
      |       + + + + +-------+ | |              +-------+     |
      |                         | |              |Server |     |
      |                         | |              |       |     |
      |                         | |              +-------+     |
      |                         | |                            |
      |                         | |                            |
      +-------------------------+ +----------------------------+
    
    

    What I'm thinking about:

    
       +-------------------------+ +----------------------------+
       |                         | |    +-------+    +--------+ |
       |                       +--------+Router +----+Switch  | |
       |                       | | |    +-------+    +--------+ |
       |                       | | |                  + + | |   |
       |      +---------+      | | |                      | |   |
       |      | pfsense |      | | |                +-----+ |   |
       |      |         |      | | |                |  +----+   |
       |      +---------+      | | |                |  |        |
       |       + + + + +-------+ | |              +-------+     |
       |                         | |              |Server |     |
       |                         | |              |       |     |
       |                         | |              +-------+     |
       |                         | |                            |
       |                         | |                            |
       +-------------------------+ +----------------------------+
    
    

    Or this:

     +-------------------------+ +----------------------------+
     |                         | |   +--------+    +-------+  |
     |                       +-------+Switch  +----+Router |  |
     |                       | | |   +--------+    +-------+  |
     |                       | | |                      | |   |
     |      +---------+      | | |                      | |   |
     |      | pfsense |      | | |                +-----+ |   |
     |      |         |      | | |                |  +----+   |
     |      +---------+      | | |                |  |        |
     |       + + + + +-------+ | |              +-------+     |
     |                         | |              |Server |     |
     |                         | |              |       |     |
     |                         | |              +-------+     |
     |                         | |                            |
     |                         | |                            |
     +-------------------------+ +----------------------------+
    
    

  • LAYER 8 Global Moderator

    If you want a different network, create a vlan in your pfsense. Do you have a smart switch? Using a downstream router makes NO sense unless you're in a very large enterprise where you move lots and lots of data between network segments that do not need firewalling. And the reason they can not just be on the same network is you have too many devices!!! etc..

    In a home setup I really can not think of a reason for a downstream router.  Unless you nat at this router, you create an asymmetrical routing issue between devices that are between your 1st router and your 2nd router and devices after the 2nd router.  You would also have to port forward and now your devices are behind a double nat to the internet, or even maybe a triple if you are already double, etc..  If you don't want to do all that then the 2nd router needs to be connected to your first router with a transit network.  No hosts on it..

    Just create another network on your 1 pfsense and then either get a smart switch that supports vlan and use those, or just get another switch and another nic for your pfsense and create 2 completely different physical networks.

    Why do you want to put this server's other nic on another subnet?  What is the point of that?  How many ports does your switch currently have, how many devices?  You do know you can pick up a smart switch that does vlans for like $40 (8 port gig), sometimes less.  Does your pfsense have any free nic, do you have space to add 1 or change to a dual port or quad port nic?

    Not all that smart - but it does do vlans!
    https://www.amazon.com/TP-Link-8-Port-Gigabit-Ethernet-TL-SG108E/dp/B00K4DS5KU

    $35.. You can get the 5 port model for $20..  You can still use your current switch downstream from your smart switch as long as all the ports on that switch will be in the same network.

    You need some more nics for your pfsense PC??  Here is quad for $32
    https://www.amazon.com/HP-NC364T-Gigabit-Server-Adptr/dp/B000P0NX3G/ref=pd_lpo_147_bs_lp_t_2?_encoding=UTF8&psc=1&refRID=CWNRBTVVKFZQ33178F7D

    Why would you bring up a whole other router??  So see attached pics, you can do it like top 1 with just completely different dumb switches and multiple nics in pfsense.  Or you can do it with smart switch and vlans and single or multiple nics in pfsense.  If you need more switch ports you can use dumb switches, they just need to be in same network.  If you have multiple smart switches you can put any network on any switch port, bottom setup.
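
The asymmetric-routing problem described in the reply above, as an added example (not code from the thread): a small Python model comparing a no-NAT downstream router whose WAN side sits on the pfSense LAN with one attached over a host-free transit network. The addresses, node names and the strict state-tracking firewall are constructed assumptions; ICMP redirects and NAT are not modelled.

```python
import ipaddress

def host(ip, gw):
    """End host: one address, its /24 on-link, everything else via the default gateway."""
    net = str(ipaddress.ip_interface(ip + "/24").network)
    return {"ips": {ip}, "routes": [(net, None), ("0.0.0.0/0", gw)]}

# Constructed addressing. FLAT: router R2 has its WAN leg on the pfSense LAN, no NAT.
FLAT = {
    "A": host("192.168.1.10", "192.168.1.1"),
    "B": host("192.168.2.10", "192.168.2.1"),
    "pfsense": {"ips": {"192.168.1.1"},
                "routes": [("192.168.1.0/24", None), ("192.168.2.0/24", "192.168.1.2")]},
    "R2": {"ips": {"192.168.1.2", "192.168.2.1"},
           "routes": [("192.168.1.0/24", None), ("192.168.2.0/24", None)]},
}
# TRANSIT: R2 reaches pfSense over a host-free 10.0.0.0/30 on its own pfSense interface.
TRANSIT = dict(FLAT,
    pfsense={"ips": {"192.168.1.1", "10.0.0.1"},
             "routes": [("192.168.1.0/24", None), ("10.0.0.0/30", None),
                        ("192.168.2.0/24", "10.0.0.2")]},
    R2={"ips": {"10.0.0.2", "192.168.2.1"},
        "routes": [("10.0.0.0/30", None), ("192.168.2.0/24", None), ("0.0.0.0/0", "10.0.0.1")]},
)

def path(nodes, src, dst):
    """Names of the nodes a packet visits, using longest-prefix match at each hop."""
    owner = {ip: name for name, n in nodes.items() for ip in n["ips"]}
    cur = owner[src]
    hops = [cur]
    while dst not in nodes[cur]["ips"]:
        fits = [(ipaddress.ip_network(net), gw) for net, gw in nodes[cur]["routes"]
                if ipaddress.ip_address(dst) in ipaddress.ip_network(net)]
        gw = max(fits, key=lambda f: f[0].prefixlen)[1]
        cur = owner[gw or dst]          # gw None means the destination is on-link
        hops.append(cur)
    return hops

def handshake(nodes, client, server, fw="pfsense"):
    """Strict stateful model: the firewall passes a step only if it saw every earlier one."""
    seen = 0
    steps = [("SYN", client, server), ("SYN-ACK", server, client), ("ACK", client, server)]
    for i, (flag, s, d) in enumerate(steps):
        if fw in path(nodes, s, d):
            if i != seen:
                return f"{flag} dropped at {fw}"
            seen += 1
    return "established"
```

In the flat layout the firewall sees only one direction of each flow, so the handshake stalls whichever side starts it; with the transit network every packet crosses pfSense in both directions.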




  • I think I didn't quite make things clear. The server is in a different room and a different part of the house so I can't bring in more than one connection to that other room. I was thinking vlans made the most sense but I only have one managed switch and it is being used in the room where my pfSense is connecting to other servers.

    This is what I meant to draw anyways, I won't be implementing it though.

    
     +-------------------------+ ------------------------------+
     |                         |  |   +--------+    +-------+  |
     |                       +-+ -----+Switch  +----+Router |  |
     |                       | |  |   +--------+    +-------+  |
     |                       | |  |          |       + +   |   |
     |      +---------+      | WALL        subneta         |   |
     |      | pfsense |      | |  |          +-----+       |   |
     |      |         |      | |  |                |  subnetb  |
     |      +---------+      | |  |                |  |        |
     |       + + + + +-------+ |  |              +-------+     |
     |                         |  |              |Server |     |
     |                         |  |              |       |     |
     |                         |  |              +-------+     |
     |                         |  |                            |
     |                         |  |                            |
     +-------------------------+ ------------------------------+
    
    

    I have plenty of free interfaces on my pfSense I just had no way to directly connect them to the server without buying another managed switch. I also just spent $400 on a managed switch and $100 on a dumb switch, I guess I should have bought a Smart Switch,  and my dad was making fun of me for buying all this new networking gear ;)

    I guess that's what I'll do, get a small managed switch. Is that one you mentioned a good option?


  • LAYER 8 Global Moderator

    What managed switch did you get for $400?

    Sure there are lots of people using that switch I linked to..

    Why exactly are you wanting to add a different network to this server?  I can understand the need of multiple network segments.. But why connect this server to more than 1 of those?  Are you trying to setup a management network, or SAN?  Why does the server need connections into more than 1 network?  Still don't see the point of the "router" in the other room?



  • I'm using FreeNAS and it only lets you use one interface per subnet

    I got this guy, and that was CAD after tax and shipping so not really $400.

    Guess I'll pick up another switch.



  • @Atreides:

    Guess I'll pick up another switch.

    You already paid $100 for a dumb switch. Ouch, did it have 52 ports or golden jacks?  ;)
    Better get this one:
    https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG3210/dp/B006B7R3YC/ref=sr_1_1?s=electronics&ie=UTF8&qid=1481065636&sr=1-1&keywords=tl-sg3210
    and when you manage it you're quite familiar with the CLI or web interface since it's the same as in your TL-SG3424 minus a few ports.

    John's question still stands: why do you think you need multiple subnets on your FreeNAS? You can route to a single link with your pfSense already.
    Alternatively, you could send a trunk from your TL-SG3432 to a TL-SG3210 and untag different VLANs 'locally' in your NAS closet.



  • @jahonix:

    @Atreides:

    Guess I'll pick up another switch.

    You already paid $100 for a dumb switch. Ouch, did it have 52 ports or golden jacks?  ;)
    Better get this one:
    https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG3210/dp/B006B7R3YC/ref=sr_1_1?s=electronics&ie=UTF8&qid=1481065636&sr=1-1&keywords=tl-sg3210
    and when you manage it you're quite familiar with the CLI or web interface since it's the same as in your TL-SG3424 minus a few ports.

    John's question still stands: why do you think you need multiple subnets on your FreeNAS? You can route to a single link with your pfSense already.
    Alternatively, you could send a trunk from your TL-SG3432 to a TL-SG3210 and untag different VLANs 'locally' in your NAS closet.

    Well…. CAD and after shipping, so about $50

    That looks perfect, thanks.

    I have a SAN that I could use another interface with.  I also tried setting them up as LACP but it had issues, I wanted to try MPIO but that requires multiple interfaces. I also run many services in jails and could use one interface for management and one for the jails.

    Here, read this.


  • LAYER 8 Global Moderator

    Your link isn't working.. You wanted to link here

    https://forums.freenas.org/index.php?threads/multiple-network-interfaces-on-a-single-subnet.20204/

    Ok - yeah agree you shouldn't have more than 1 interface in same network.. And to be honest your lacp would be pointless for anything other than failover..  Unless you have like a shitton of users.. If you have 1 box hitting your NAS, its only ever going to use 1 leg of that lacp connection.  Lagg, etherchannel, portchannel, lacp - whatever term you want to use is 1 + 1 = 1+1 it does not equal 2..

    So you're using fiberchannel to this NAS, or iSCSI or SAS??  That would be when you could use MPIO.. Or is this just sharing files via smb/cifs ??

    So is your idea to use the 1 interface for management in a management vlan,  So your jails are going to share the same interface you share your files off of.. Or you can most likely have the NAS break up the vlans after you just connect it to a trunk.

    Then you only need 1 interface.. So again going to ask why do you want or think you need to connect both of these interfaces.  Are you trying to get more speed?  What?



  • Or you can most likely have the NAS break up the vlans after you just connect it to a trunk.

    Could you elaborate on this? How would the NAS break up the VLANs?

    A fairly big part of it is I have an extra nic and I wanted to use it for something. It's not so much that I NEED to do anything with it.

    It would be nice to be able to experiment with some of this stuff and right now I'm not able to. I'm not so much trying to fix a problem.



  • Perhaps it might be better to get one real good device able to manage that than two of them!?

    • Cisco SG300-10
      VLANs, LAGs, Layer3, …
    • MikroTik RB850Gx2
      Can do all things you are asking for


  • @BlueKobold:

    Perhaps it might be better to get one real good device able to manage that than two of them!?

    • Cisco SG300-10
      VLANs, LAGs, Layer3, …
    • MikroTik RB850Gx2
      Can do all things you are asking for

    I already have a TP Link TL-SG3424 but thanks. I also needed more ports and I think L2 is sufficient.


  • LAYER 8 Global Moderator

    It would be nice to be able to experiment with some of this stuff and right now I'm not able to. I'm not so much trying to fix a problem.

    Like what?  vlans - you have a managed switch..  Just not getting why you think you need a 2nd router to do vlans?  And not sure what you think having your nas in multiple networks gets you?  If you want to have your devices access files off this nas with using a different interface ok.  But then really your devices need an interface in this other network, etc.

    If you want to setup a management vlan and have your nas have its normal network that it serves up files on, and then a management network you access it from to admin it, ok.  But then your devices you will manage from really need to be in this management vlan or again its pointless.

