    Connecting two internal lans with pfsense firewalls…

    • B
      bla4free last edited by

      Hi. We recently divided our office into two separate networks, with two Internet connections. We are using a pfsense router on our existing network and it is working fine. On our new network, I plan on using another pfsense firewall since the first one has worked so well. Unfortunately, the new network still needs to access some services from the existing network, like our AS400. Is there a way to connect both networks internally? Or is this not possible w/ pfsense? Thanks!!

      Here is what our network looks like:

      • R
        rrbranco last edited by

        Do a VPN between them using the internet as the transport.

        http://forum.pfsense.org/index.php/board,39.0.html

        http://forum.pfsense.org/index.php/topic,5148.0.html

        http://forum.pfsense.org/index.php/topic,2377.0.html

        • B
          bla4free last edited by

          @rrbranco:

          Do a VPN between them using the internet as the transport.

          http://forum.pfsense.org/index.php/board,39.0.html

          http://forum.pfsense.org/index.php/topic,5148.0.html

          http://forum.pfsense.org/index.php/topic,2377.0.html

          Thanks for the reply. Is there a way to accomplish this without a VPN? Everything is in the same building, all on the same floor. I don't see a need to set up a site-to-site VPN b/c this is all on the same site. Thanks!

          • dotdash
            dotdash last edited by

            You already have a router on each network? Or is that proposed? I'm going to ignore it for the moment. My initial thought would be to just add a second WAN and a second LAN into the existing pfSense, then use the second box as a failover using CARP. That may be getting a bit ahead of things. The simpler solution would be to drop a NIC in your first firewall with an IP on the second network. Then put a route to the first network on your second pfSense box (via the 1st firewall's IP on the 2nd LAN). Make sure you allow the traffic on the firewall. If the routers are already in, just add a route to each network via the router on each firewall…

            • R
              rrbranco last edited by

              What if you add a new network interface on both boxes, connect them using a switch / hub or even a crossover cable, add a route to the remote network selecting the remote pfsense as gateway, and configure the pfsenses to allow (the necessary) traffic between each other?

              
              internet                           internet
                   |                                |
                   |                                |
              /----+-----\                     /----+-----\
              |          |  route to LAN 2 ->  |          |
              | pfsense1 +---- new net --------+ pfsense2 |
              |          |  <- route to LAN 1  |          |
              \----+-----/                     \----+-----/
                   |                                |
                   |                                |
                LAN 1                            LAN 2
              
              
              • B
                bla4free last edited by

                @dotdash:

                You already have a router on each network? Or is that proposed? I'm going to ignore it for the moment. My initial thought would be to just add a second WAN and a second LAN into the existing pfSense, then use the second box as a failover using CARP. That may be getting a bit ahead of things. The simpler solution would be to drop a NIC in your first firewall with an IP on the second network. Then put a route to the first network on your second pfSense box (via the 1st firewall's IP on the 2nd LAN). Make sure you allow the traffic on the firewall. If the routers are already in, just add a route to each network via the router on each firewall…

                Where would I configure this within pfsense on the 2nd firewall? What would I be setting for the configuration? I've never done this before. :)

                • dotdash
                  dotdash last edited by

                  Assuming you put a NIC in the existing firewall and address it 10.10.1.254/21, connect it to the new network. You would then go to system, static routes on the second box and add a route to 192.168.0.0/21 gateway 10.10.1.254. Then make sure firewall rules on both sides allow the traffic.

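Added example, not part of the thread or of pfSense itself: a small Python model of the two routing tables from the last post, showing where the second firewall sends traffic for 192.168.0.0/21 with and without the static route, plus a sanity check for a proposed route. The subnets and the 10.10.1.254 gateway are from the thread; the `wan` default-route label and the two host addresses are constructed assumptions.

```python
import ipaddress as ip

# Subnets and the 10.10.1.254 gateway come from the thread; "wan" is an assumed label
LAN1 = ip.ip_network("192.168.0.0/21")
NEW_NIC = ip.ip_interface("10.10.1.254/21")  # NIC added to the existing firewall
LAN2 = NEW_NIC.network                       # works out to 10.10.0.0/21
DEFAULT = ip.ip_network("0.0.0.0/0")

def tables(with_static_route=True):
    """Routing tables as (destination, next hop); None means directly connected."""
    fw2 = [(LAN2, None), (DEFAULT, "wan")]
    if with_static_route:
        fw2.append((LAN1, NEW_NIC.ip))
    return {
        "pfsense1": [(LAN1, None), (LAN2, None), (DEFAULT, "wan")],
        "pfsense2": fw2,
    }

def next_hop(table, dst):
    """Longest-prefix match: 'connected', a gateway address, or 'wan'."""
    dst = ip.ip_address(dst)
    net, gw = max(((n, g) for n, g in table if dst in n),
                  key=lambda m: m[0].prefixlen)
    return "connected" if gw is None else gw

def check_static_route(table, dest, gateway):
    """List the problems with a proposed static route; empty if it is sound."""
    dest, gateway = ip.ip_network(dest), ip.ip_address(gateway)
    connected = [n for n, g in table if g is None]
    problems = []
    if not any(gateway in n for n in connected):
        problems.append("gateway is not on a directly connected network")
    if any(dest.overlaps(n) for n in connected):
        problems.append("destination overlaps a directly connected network")
    return problems

if __name__ == "__main__":
    as400, client = "192.168.1.10", "10.10.2.50"  # constructed host addresses
    for label, t in (("with route", tables()), ("without route", tables(False))):
        print(label, "| pfsense2 ->", as400, "via", next_hop(t["pfsense2"], as400),
              "| pfsense1 ->", client, "via", next_hop(t["pfsense1"], client))
```

Without the static route, the second firewall hands traffic for 192.168.0.0/21 to its default route, so it heads for the WAN instead of the inter-LAN link; the first firewall needs no extra route because its new NIC sits directly on the second LAN.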