General Routing/Switch question



  • Hi all,

    I'm looking for some general advice on how to accomplish the following task:
    -Add a new network, separate from the main network that is controlled by my pfsense device. This is to provide access to a fileserver even if the main network collapses.

    I'm attaching a simple diagram of what I think might be the best way to handle it, but am looking to see if this is the right approach in general. My plan is to add a router in the small office, set it to define a new network of 192.168.3.0/24, and then set its gateway to the pfSense device (192.168.2.60/24). However, my concern is that when users are connected to the new 192.168.3.0, I need them to not only access the internet, but the other resources in 192.168.2.0/24. What rules would I need to set up in pfSense to allow this?

    I'm assuming something along the lines of static routes..? All I need is to be pointed in the right direction!! :-)

    Thanks in advance, diagram follows:
    Blank Diagram.png



  • Why do you need a 2nd router? Why not just use another interface on the pfSense box for it? You can then set up whatever rules you need.



  • Because the underlying assumption for this is that the main pfSense network fails, and mission-critical work needs to continue in that other office.



  • @jkamal said in General Routing/Switch question:

    However, my concern is that when users are connected to the new 192.168.3.0, I need them to not only access the internet, but the other resources in 192.168.2.0/24. What rules would I need to set up in pfSense to allow this?

    Given that the traffic will not pass through pfSense, there is nothing you can do to configure it. All traffic between that new router and the 192.168.2.0 network will be local traffic and not involve pfSense at all.



  • @JKnott Thanks!! That is what I figured. Just for the sake of learning general networking and pfSense, if I connect my new router directly to pfSense instead of the switch, what rules would I need to gain access from new 3.0 net to the original 2.0 net?



  • @jkamal said in General Routing/Switch question:

    @JKnott Thanks!! That is what I figured. Just for the sake of learning general networking and pfSense, if I connect my new router directly to pfSense instead of the switch, what rules would I need to gain access from new 3.0 net to the original 2.0 net?

    That would depend on what you need to allow. I still don't understand why you need that router, as you seem to be relying on pfSense regardless. If you're really worried about pfSense failing, then configure that other router as a drop-in replacement for pfSense, to create a functional, if not optimal, network.



  • @JKnott There is an extensive backstory there. Essentially, the pfSense network has serious wiring issues and switch problems that are going to be fixed. With a cheap router, I can keep the users in that small office working independently, and if I need to give them internet access, I can do a bridge-to-hotspot connection. All that they need is their server. As things stand now, I can't touch the main network without taking everything down; that is what is to be prevented. That office runs 24x7, the rest of the network can be taken offline after-hours for fixes.

    Continuing with the exercise, assume that I need all endpoints in the new 3.0 to access all resources in the old 2.0, what would be the configuration?



  • For the scenario of connecting directly to the pfSense router instead of the switch, I think I will be able to figure this out based on this video: https://www.youtube.com/watch?time_continue=249&v=XdzfgapJYqw

    Will do testing and report if any issues arise!

