Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    sharing a home fios with 2 pfsense's

    L2/Switching/VLANs
    2
    4
    453
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rterren
      last edited by

      I'm a noob with FIOS and two pfsense firewalls.

      I have a c2758 and an sg1000. Currently I have the c2758 plugged in and everything in the house configured just the way I want it with one internal subnet 192.168.35.x/24

      I would like to utilize one of the OPT ports on the c2758 in order to plug the sg1000 in, so that I can tinker and learn. Ideally I want the OPT port to be 100% independent from the c2758, but due to home FIOS only providing 1 iP address I think I will need to rely on the c2758 at least to provide some "internal" address for the sg1000 to then use as it's gateway.

      So I guess at best I can only get 99% independence from the c2758.

      Here's a breakdown

      FIOS - DHCP -> C2758 (WAN port) ->
      DHCP (LAN port) serving 192.168.35.x/24
      -> TPLink switch -> Current devices in the
      house

      Desired end state

      FIOS - DHCP -> C2758 (WAN port) ->
      DHCP (LAN port) serving 192.168.35.x/24
      -> TPLink managed switch -> Current
      devices in the house

      FIOS - (?????) -> C2758 (OPT1 port) -> (?????) -> sg1000
      (WAN port) -> DHCP (LAN port) serving
      192.168.50.x/24 -> some other unmanaged
      switch -> test devices

      I want the "pass thru" to the sg1000 to be unaltered by the c2758, as if the sg1000 was plugged directly into the FIOS

      I have no need to ever connect the two internal networks.
      I've read about bridging and vlans but it's all over my head, and I'm not sure where to start.

      I could plug the sg1000 in to my current setup and DMZ it, but if I were to do something like that then I don't understand what the purpose of the OPT ports are is.

      I appreciate any help possible

      Ron

      1 Reply Last reply Reply Quote 0
      • A
        akuma1x
        last edited by

        You could skip using the SG-1000 entirely, and just plug everything you envision using the SG-1000 for into one of the open OPT ports on the C2758. Give that OPT network a different IP address range, something like 172.16.0.X/24 or similar, turn on it's DHCP server, add a few firewall rules, and then BAM, you've got 2 separate networks, both using your FIOS as their gateway.

        The capabilities of the C2758, especially given that it has "extra" network ports, really takes the place of the SG-1000 and makes it unnecessary.

        Unless, what you really want to do with the SG-1000 is some "destructive" testing, and see how you can really setup, tweak and break a network, then your PLAN-B from above will work just fine. Plug the WAN port of the SG-1000 into one of the OPT ports on the C2758, and run like that. Just be aware, you will be double NAT'ed then, and have to program your setup around that.

        Jeff

        R 1 Reply Last reply Reply Quote 0
        • R
          rterren @akuma1x
          last edited by

          @akuma1x said in sharing a home fios with 2 pfsense's:

          Give that OPT network a different IP address range, something like 172.16.0.X/24 or similar, turn on it's DHCP server

          I plan on using the sg1000, it sits on my desk with no other purpose. I am curious though if I decided to go the method you suggested above how do set up another instance of the DHCP server to serve out the second address range?

          I looked and I see I can add another DHCP pool in my LAN config, but I couldn't figure out how to create another DHCP instance specific to the OPT port.

          Thanks

          1 Reply Last reply Reply Quote 0
          • A
            akuma1x
            last edited by

            @rterren On your OPT port, you have to first enable it, give it a static IP address with a /24 subnet mask. Don't assign a gateway.

            Screen Shot 2020-08-22 at 10.13.46 AM.png

            Then, under Services -> DHCP Server, find that interface, and turn on the DHCP server function. You need to specify a range, a start address and an end address in other words, but that's pretty easy.

            That's all there is to it. If you plug say, a laptop, into the LAN port, you should get an IP address from that range. Then, if you plug the same laptop into the OPT port, you should get an address in the other range. 2 different IP ranges on the same pfsense box. You don't want to use the "additional pool" thing on your LAN network, that's not correct for this scenario.

            No offense, but I wouldn't be too tempted to use the SG-1000 just because it's sitting on your desk. I found myself doing/thinking the exact same thing, but I ended up selling my SG-1000, because I couldn't come up with a good enough reason to keep it. Anything I could think of, I could easily do with the other boxes I've already got, the ones with all the extra network ports.

            Jeff

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.