    Multiple identical LANs

    • H
      hackky last edited by

      Hi.

      I need to make 32 identical networks for 32 computers in a classroom. They need to be able to connect to the outside network but don't have to be aware of each other. Something like this:
      WAN - outside ip
      LAN1 - 192.168.1.1/24
      LAN2 - 192.168.1.1/24
      LAN3 - 192.168.1.1/24
      and so on.

      I know I can install 32 pfsenses as VMs and make it work but is it possible with only one pfsense install?

      I'm very new to pfsense so I'm sorry if this is a stupid question..  ::)

      Thanks!

      1 Reply Last reply Reply Quote 0
      • JKnott
        JKnott last edited by

        If I'm reading your question right, it's impossible.  There's no way pfSense would know where to route incoming traffic.

        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          Yeah why would your lans have to have the same IP.. Doesn't work that way.. pfSense cannot have 32 interfaces with the same networks on them.  It cannot have even 2 ;)

          Why can you not do

          lan1 192.168.1/24
          lan2 192.168.2/24
          lan3 192.168.3/24
          …
          lan32 192.168.32/24

          This is how it would be done.  If you're only talking about 32 computers.. Why can they not be just on the 1 lan network?

          1 Reply Last reply Reply Quote 0
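
The routing ambiguity described in the replies above, and the distinct-subnet layout proposed instead, as an added example that is not part of any post in this thread. The function names are hypothetical and the lookup is a simplified model of a connected-route match, not pfSense code.

```python
import ipaddress
from itertools import combinations


def connected_networks(ifaces):
    """Map interface name -> the network its address/prefix puts it on."""
    return {name: ipaddress.ip_interface(addr).network
            for name, addr in ifaces.items()}


def find_overlaps(ifaces):
    """Pairs of interfaces whose connected networks overlap."""
    nets = connected_networks(ifaces)
    return [(a, b) for a, b in combinations(nets, 2)
            if nets[a].overlaps(nets[b])]


def egress_candidates(ifaces, dst):
    """Interfaces a longest-prefix match would pick for dst.
    More than one result means the router cannot choose."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, name) for name, net in connected_networks(ifaces).items()
            if dst in net]
    if not hits:
        return []
    longest = max(net.prefixlen for net, _ in hits)
    return [name for net, name in hits if net.prefixlen == longest]


def distinct_plan(count, base="192.168.0.0/16"):
    """lanN -> 192.168.N.1/24, the layout suggested in the thread."""
    subnets = list(ipaddress.ip_network(base).subnets(new_prefix=24))
    return {f"lan{n}": f"{subnets[n].network_address + 1}/24"
            for n in range(1, count + 1)}


# Constructed sample: three LANs all configured as 192.168.1.1/24.
IDENTICAL = {f"lan{n}": "192.168.1.1/24" for n in range(1, 4)}
PLAN = distinct_plan(32)

if __name__ == "__main__":
    print("identical overlaps:", find_overlaps(IDENTICAL))
    print("192.168.1.50 via:", egress_candidates(IDENTICAL, "192.168.1.50"))
    print("plan overlaps:", find_overlaps(PLAN))
    print("192.168.7.2 via:", egress_candidates(PLAN, "192.168.7.2"))
```
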
          • H
            hackky last edited by

            Ok, thanks.

            So 32 VM Pfsenses it is then.

            All the computers have to be identical in every way, even their IP address. There is a Siemens PLC with every computer (and other equipment) and we want to overwrite each computer's disk with a fresh disk image every week (so that if a student has made some strange configuration changes to it the next person does not need to deal with it). If every computer and PLC has a different IP address we have to configure them every single time individually.

            And it is also much simpler to teach with equipment that is identical (even the ip address of the PLC you want them to connect).

            But this helps me a lot. Don't have to try it to know it won't work.  :)

            1 Reply Last reply Reply Quote 0
            • jahonix
              jahonix last edited by

              @hackky:

              So 32 VM Pfsenses it is then.

              Depending on your switch you might get away with private VLANs/protected ports. It's the same principle by which a wireless AP can separate clients even though they reside in the same subnet.

              But why 32 VMs? That's nearly as great as using 32 physical machines.
              What switch(es) do you have on site?

              1 Reply Last reply Reply Quote 0
              • JKnott
                JKnott last edited by

                @jahonix:

                @hackky:

                So 32 VM Pfsenses it is then.

                Depending on your switch you might get away with private VLANs/protected ports.

                If all those VLANs wind up on a router, the same problem still remains, in that the router has no way to know how to forward incoming traffic.

                1 Reply Last reply Reply Quote 0
                • jahonix
                  jahonix last edited by

                  What?

                  Edit: Just to give you an idea of what I'm talking about look here
                  https://www.cisco.com/en/US/tech/tk389/tk814/tk841/tsd_technology_support_sub-protocol_home.html
                  and
                  http://www.packetu.com/2012/10/23/comparing-pvlan-to-pvlan-edge/

                  1 Reply Last reply Reply Quote 0
                  • johnpoz
                    johnpoz LAYER 8 Global Moderator last edited by

                    "If every computer and PLC has different ip address we have to configure them every single time individually."

                    Nonsense…  I have been in countless classes, be it with real hardware and/or VMs, where yeah the machines are re-imaged between classes or even on the fly if a student messes up.  They sure didn't use the same IPs.

                    Students were given their specific IPs to use before class, etc.  This is the whole point of DHCP where you could hand out specific IPs to the devices as they boot up, etc.  If you want your PLCs to be on a specific IP and they cannot be DHCP.. you could always just put them on a host only network where each host has its own network that is 192.168.x/? with a 2nd NIC that way these interfaces could be 192.168.1.1 for PC and .2 for the PLC, etc..

                    32 VM copies of pfsense?  On what each machine??  That just seems nuts!!

                    How about you give us some more details of the hardware you're working with, etc.  And we figure out a better way to do it other than 32 VMs running pfSense just so you can put a NAT behind them all using 192.168.x

                    1 Reply Last reply Reply Quote 0