Netgate Discussion Forum

    Advice for multiple subnets/networks?

      nicko029

      Hi,

      I recently changed ISP. My new ISP gave me a few public IPs. I need your advice on how to set up the network.

      So, I'll use 2 public IPs for one server with Exchange, DNS (just for the local domain) and AD/DC. The other machine should host an FTP server.

      PCs in network 192.168.1.0/24 should have Internet connectivity, and so should my 2 servers.
      PCs in network 192.168.0.0/24 should not be able to have Internet connectivity (they use another gateway for that), but should be able to communicate with PCs in the first network and the two servers. They do not need a firewall.

      All PCs are in the domain.

      Here's the network topology:

      Is it possible to realize my idea as shown in the diagram? And how should I configure NAT and other stuff in pfSense?

      On a completely different topic, I was looking to buy this for pfSense:

      • Supermicro X7SPA-H-D525 (Atom 1.86GHz)
      • 2Gb ram

      Will it be enough for a 20/20Mbps connection? I need just a firewall, maybe a few packages, and, less likely, maybe VPN?

      Thanks!! :)

        podilarius

        The hardware should be well enough for a 20/20. It should be able to handle a 500/500 almost as well.

        It is certainly possible, but you are going to have to create routes on both of the edge devices to point to the other for the opposing network. Either that or a static route on each and every machine. The NAT will be configured only for the WAN interfaces. You will need to create a ProxyARP interface in each firewall so that the other FW can route to it. You will then need to make rules to allow traffic from one network to the other.

          nicko029

          Thx for answering!!

          My first concern is actually with the network configuration.
          Should I go with option 1 (the image above) or option 2?

          In option 2, the public network is connected directly to the firewall (pfSense). What would be easier to configure?
          I'll use Router1 just for routing.

          Option 2:
