Three pfsense as a triangle, one subnet



  • Hi,

    My provider on DC just give me a /28 subnet.
    I need to separate different tenants, so want to use 1 primary pfsense box connecting provider cable, and down there 2 more pfsenses connected to another 2 ifaces of first pfsense.
    Not doing NAT, just routing, Using some of the /28 IPs as Virtual IPs on both second line pfsenses.
    I imagine first pfsense having WAN IP as: 1.1.1.2/28, GW 1.1.1.1/28. And private IPs for downlinks to other pfsenses, like 192.168.1.1 and 192.168.2.1.
    Second line pfsenses having uplinks as 192.168.1.2 and 192.168.2.2. And having VIPs as 1.1.1.3/28 and the other second pfsense having VIP 1.1.1.4/28 as example.

    And adding routers /32 on first pfsense to point to the right second line pfsense.

    Could this be possible?
    Thanks in advance for the analysis!



  • I have a 1/3 rack on a DC, and we need to separate network and BW between 2 tenants (two companies sharing same 1/3 rack). So basically idea is first pfsense doing traffic shaping/QoS.



  • Still an issue?