Netgate Discussion Forum

    General Routing/Switch question

      jkamal

      Hi all,

      I'm looking for some general advice on how to accomplish the following task:
      - Add a new network, separate from the main network that is controlled by my pfsense device. This is to provide access to a fileserver even if the main network collapses.

      I'm attaching a simple diagram of what I think might be the best way to handle it, but am looking to see if this is the right approach in general. My plan is to add a router in the small office, set it to define a new network of 192.168.3.0/24, and then set its gateway to the pfsense device (192.168.2.60/24). However, my concern is that when users are connected to the new 192.168.3.0, I need them to not only access the internet, but the other resources in 192.168.2.0/24. What rules would I need to set up in pfsense to allow this?

      I'm assuming something along the lines of static routes..? All I need is to be pointed in the right direction!! :-)

      Thanks in advance, diagram follows:
      Blank Diagram.png

        JKnott

        Why do you need a 2nd router? Why not just use another interface on the pfSense box for it? You can then set up whatever rules you need.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

          jkamal

          Because the underlying assumption for this is that the main pf-sense network fails, and mission-critical work needs to continue in that other office.

            JKnott @jkamal

            @jkamal said in General Routing/Switch question:

            However, my concern is that when users are connected to the new 192.168.3.0, I need them to not only access the internet, but the other resources in 192.168.2.0/24. What rules would I need to set up in pfsense to allow this?

            Given that the traffic will not pass through pfSense, there is nothing you can do to configure it. All traffic between that new router and the 192.168.2.0 network will be local traffic and not involve pfSense at all.

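Added example, not part of the thread: a longest-prefix-match lookup on the added router's routing table, showing why traffic to 192.168.2.0/24 never reaches pfSense when the router's WAN port sits on the switch, and why it does once the WAN port is moved to a dedicated pfSense interface. The transit network 192.168.4.0/24, its gateway 192.168.4.1 and the host addresses are constructed for illustration; only 192.168.2.60 and the two /24 networks come from the posts.

```python
import ipaddress


def build_routes(wan_net, gateway):
    """Routing table of the added router: two connected networks plus a
    default route whose next hop is pfSense."""
    return [
        (ipaddress.ip_network("192.168.3.0/24"), None),  # router LAN, on-link
        (ipaddress.ip_network(wan_net), None),           # router WAN, on-link
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address(gateway)),
    ]


def next_hop(routes, dst):
    """Longest-prefix match. Returns the gateway address, or None when the
    destination is on-link and is delivered directly (ARP, no router hop)."""
    dst = ipaddress.ip_address(dst)
    _, gateway = max((r for r in routes if dst in r[0]),
                     key=lambda r: r[0].prefixlen)
    return gateway


def filtered_by_pfsense(routes, dst):
    """pfSense is the only gateway in either table, so a packet is subject to
    its firewall rules only when the lookup returns a gateway."""
    return next_hop(routes, dst) is not None


# Topology from the first post: router WAN on the switch, inside 192.168.2.0/24.
ON_SWITCH = build_routes("192.168.2.0/24", "192.168.2.60")
# Follow-up question: router WAN on its own pfSense interface
# (constructed transit network and gateway address).
ON_PFSENSE_PORT = build_routes("192.168.4.0/24", "192.168.4.1")

if __name__ == "__main__":
    # Constructed destinations: a 192.168.2.0/24 host and an internet address.
    for name, table in (("on switch", ON_SWITCH),
                        ("on pfSense port", ON_PFSENSE_PORT)):
        for dst in ("192.168.2.10", "203.0.113.5"):
            hop = next_hop(table, dst)
            print(f"{name:16} {dst:13} next hop: {hop or 'on-link'}"
                  f"  filtered by pfSense: {filtered_by_pfsense(table, dst)}")
```

The lookup models only the forward path from the 192.168.3.0/24 side; return routing and NAT on the added router are not modelled.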
              jkamal @JKnott

              @JKnott Thanks!! That is what I figured. Just for the sake of learning general networking and pfSense, if I connect my new router directly to pfsense instead of the switch, what rules would I need to gain access from new 3.0 net to the original 2.0 net?

                JKnott @jkamal

                @jkamal said in General Routing/Switch question:

                @JKnott Thanks!! That is what I figured. Just for the sake of learning general networking and pfSense, if I connect my new router directly to pfsense instead of the switch, what rules would I need to gain access from new 3.0 net to the original 2.0 net?

                That would depend on what you need to allow. I still don't understand why you need that router, as you seem to be relying on pfSense regardless. If you're really worried about pfSense failing, then configure that other router as a drop in replacement for pfSense, to create a functional, if not optimal, network.

                  jkamal @JKnott

                  @JKnott There is an extensive backstory there. Essentially, the pfsense network has serious wiring issues and switch problems that are going to be fixed. With a cheap router, I can keep the users in that small office working independently-- and if I need to give them internet access, I can do a bridge-to-hotspot connection. All that they need is their server. As things stand now, I can't touch the main network without taking everything down; that is what is to be prevented. That office runs 24x7, the rest of the network can be taken offline after-hours for fixes.

                  Continuing with the exercise, assume that I need all endpoints in the new 3.0 to access all resources in the old 2.0, what would be the configuration?

                    jkamal

                    For the scenario of connecting directly to pfsense router instead of the switch, I think I will be able to figure this out based on this video: https://www.youtube.com/watch?time_continue=249&v=XdzfgapJYqw

                    Will do testing and report if any issues arise!
