Connecting two internal lans with pfsense firewalls…



  • Hi. We recently divided our office into two separate networks, with two Internet connections. We are using a pfsense router on our existing network and it is working fine. On our new network, I plan on using another pfsense firewall since the first one has worked so well. Unfortunately, the new network still needs to access some services from the existing network, like our AS400. Is there a way to connect both networks internally? Or is this not possible w/ pfsense? Thanks!!

    Here is what our network looks like:





  • @rrbranco:

    Do a VPN between them using the internet as the transport.

    http://forum.pfsense.org/index.php/board,39.0.html

    http://forum.pfsense.org/index.php/topic,5148.0.html

    http://forum.pfsense.org/index.php/topic,2377.0.html

    Thanks for the reply. Is there a way to accomplish this without a VPN? Everything is in the same building, all on the same floor. I don't see a need to set up a site-to-site VPN b/c this is all on the same site. Thanks!



  • You already have a router on each network? Or is that proposed? I'm going to ignore it for the moment. My initial thought would be to just add a second WAN and a second LAN into the existing pfSense, then use the second box as a failover using CARP. That may be getting a bit ahead of things. The simpler solution would be to drop a NIC in your first firewall with an IP on the second network. Then put a route to the first network on your second pfSense box (via the 1st firewall's IP on the 2nd LAN). Make sure you allow the traffic on the firewall. If the routers are already in, just add a route to each network via the router on each firewall…



  • What if you add a new network interface on both boxes, connect them using a switch / hub or even a crossover cable, add a route to the remote network selecting the remote pfsense as gateway, and configure the pfsenses to allow (the necessary) traffic between each other.

    
    internet                           internet
         |                                 |
         |                                 |
    /----+-----\                      /----+-----\
    |          |  route to LAN 2 ->   |          |
    | pfsense1 +----- new net --------+ pfsense2 |
    |          |  <- route to LAN 1   |          |
    \----+-----/                      \----+-----/
         |                                 |
         |                                 |
      LAN 1                              LAN 2
    


  • @dotdash:

    You already have a router on each network? Or is that proposed? I'm going to ignore it for the moment. My initial thought would be to just add a second WAN and a second LAN into the existing pfSense, then use the second box as a failover using CARP. That may be getting a bit ahead of things. The simpler solution would be to drop a NIC in your first firewall with an IP on the second network. Then put a route to the first network on your second pfSense box (via the 1st firewall's IP on the 2nd LAN). Make sure you allow the traffic on the firewall. If the routers are already in, just add a route to each network via the router on each firewall…

    Where would I configure this within pfsense on the 2nd firewall? What would I be setting for the configuration? I've never done this before. :)



  • Assuming you put a NIC in the existing firewall and address it 10.10.1.254/21, connect it to the new network. You would then go to System, Static Routes on the second box and add a route to 192.168.0.0/21 with gateway 10.10.1.254. Then make sure the firewall rules on both sides allow the traffic.
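    As an added example (not from this thread), a small Python model of the routing the post above describes: pfsense1 gets a NIC on the new network at 10.10.1.254/21 and pfsense2 gets a static route to 192.168.0.0/21 via that address. Tracing both directions shows that replies from LAN 1 reach LAN 2 straight from pfsense1's new NIC, so pfsense2 only ever sees one direction of each connection, which matters for its stateful firewall rules; pfsense2's own address on the new net and pfsense1's LAN 1 address are assumed.

```python
from ipaddress import ip_address, ip_network

# Addressing taken from the post above; the two addresses marked ASSUMED
# are made up for this example.
LAN1 = ip_network("192.168.0.0/21")        # existing network (AS400 lives here)
LAN2 = ip_network("10.10.0.0/21")          # new network
DEFAULT = ip_network("0.0.0.0/0")
PF1_LAN2_IP = ip_address("10.10.1.254")    # new NIC in the existing firewall
PF2_LAN2_IP = ip_address("10.10.1.253")    # ASSUMED: pfsense2 on the new net
PF1_LAN1_IP = ip_address("192.168.0.1")    # ASSUMED: pfsense1 on LAN 1

ROUTER_OF = {PF1_LAN2_IP: "pfsense1", PF1_LAN1_IP: "pfsense1",
             PF2_LAN2_IP: "pfsense2"}

# Forwarding tables: (prefix, next hop); None means directly connected.
TABLES = {
    "pfsense1": [(LAN1, None), (LAN2, None), (DEFAULT, "wan1")],
    "pfsense2": [(LAN2, None), (LAN1, PF1_LAN2_IP), (DEFAULT, "wan2")],
}
# Hosts on each LAN use their own firewall as default gateway.
GATEWAY_OF = {LAN1: "pfsense1", LAN2: "pfsense2"}

def lookup(router, dst):
    """Longest-prefix match in one router's forwarding table."""
    matches = [(p, nh) for p, nh in TABLES[router] if dst in p]
    return max(matches, key=lambda m: m[0].prefixlen)

def trace(src, dst):
    """List the firewalls a packet from src to dst passes through."""
    src, dst = ip_address(src), ip_address(dst)
    router = next(gw for net, gw in GATEWAY_OF.items() if src in net)
    path = []
    while router not in path:
        path.append(router)
        prefix, nh = lookup(router, dst)
        if nh is None or prefix == DEFAULT:
            return path          # delivered on a connected net, or sent to WAN
        router = ROUTER_OF[nh]   # next hop must be an address we know
    raise RuntimeError("routing loop: " + " -> ".join(path))

def one_way_firewalls(a, b):
    """Firewalls that see only one direction of the a<->b conversation."""
    return set(trace(a, b)) ^ set(trace(b, a))

def gateway_on_link(router, gw):
    """A static route's gateway must sit on a net the router is connected to."""
    return any(ip_address(gw) in p
               for p, nh in TABLES[router] if nh is None and p != DEFAULT)
```

Run `trace` for a host pair in each direction to see which box each leg crosses; `gateway_on_link` is the sanity check to run before saving the static route on pfsense2.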

