Connect certain IP-ranges across multiple PFsenses
-
Hello guys,
I've got a question related to using multiple pfsenses in a company with multiple buildings across the town.
Our company is using a pfsense in every building we have. The Central PFSense (10.1.10.1) uses DHCP for the other PFSenses. Our ISP uses QinQ to manage the connections.
The things I try to manage:
- Having Workstation 10.1.97.1 connect to the Workstations with 10.X.97.X
- Having the Workstations 10.X.97.X communicate with 10.1.97.1 and the internet
- Not disturbing the other departments/workstations from using the internet
I already checked a few threads around here, but didn't find anything useful yet.
I've heard about static routing and transfer networks, but never used them before. I'd like to know if this is theoretically possible and if yes, could you explain it to me?
-
Yes, it's possible, but I would not do it like that.
I would put each pfSense on its own transit network, such as 10.1.10.0/30 for the link to the top pfSense and 10.0.10.4/30 for the link to the lower pfSense.
You can keep them on the same network like they are if you want to, say, enable an OSPF area containing all three routers so they all know where to send the traffic without relying on hairpinning, ICMP redirects and other nastiness. Or maintain static routing tables pointing everything where it needs to go.
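The static-routing variant with one /30 transit network per branch can be sketched as follows. This is an added example, not part of the answer above. It assumes building numbers 2 and 3, /24 masks on the 10.X.97.0 networks, a constructed transit pool of 10.255.0.0/29, and that branches send their default route to the central pfSense.

```python
import ipaddress

# Assumptions (not from the thread): building numbers, /24 LAN masks,
# and 10.255.0.0/29 as the pool the /30 transit links are carved from.
CENTRAL = "central"
SITES = {"central": 1, "building2": 2, "building3": 3}
TRANSIT_POOL = ipaddress.ip_network("10.255.0.0/29")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_plan(sites=SITES, pool=TRANSIT_POOL):
    """Return (lan, links, routes) for a hub-and-spoke layout."""
    subnets = pool.subnets(new_prefix=30)
    lan = {n: ipaddress.ip_network(f"10.{x}.97.0/24") for n, x in sites.items()}
    links, routes = {}, {n: [] for n in sites}
    for name in sites:
        if name == CENTRAL:
            continue
        net = next(subnets)                      # dedicated /30 for this branch
        hub_ip, branch_ip = list(net.hosts())    # a /30 has exactly two hosts
        links[name] = (net, hub_ip, branch_ip)
        # Central: one static route per branch LAN, via the branch's transit IP.
        routes[CENTRAL].append((lan[name], branch_ip))
        # Branch: default route via central covers 10.1.97.0/24, the other
        # branches and the internet (assumed design).
        routes[name].append((DEFAULT, hub_ip))
    return lan, links, routes


def next_hop(routes, router, dst):
    """Longest-prefix match over a router's static routes.

    None means no static route applies (directly connected network or the
    router's own WAN default gateway).
    """
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes[router] if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    lan, links, routes = build_plan()
    for router, table in routes.items():
        for net, gw in table:
            print(f"{router:10} {str(net):16} via {gw}")
```

Routes only provide reachability; firewall rules on each transit interface still decide which sources may actually reach the 10.X.97.0 networks.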