Multi subnet transparent



  • Hi, I'm fairly new to pfSense and was using Sonicwall products before. I did my fair share of searching and reading in this forum and all pfSense-related websites, but I could not find any manual explaining the setup I'm looking for. I'm using private IPs for this example, but all IPs will be public for the actual install.
    So here it goes. The setup I would like to move from Sonicwall to pfSense looks like this:

    Network 10.1.1.0/24
    Gateway 10.1.1.1 -> WAN Port

    Network 10.5.5.0/24
    Gateway 10.5.5.1 -> same WAN Port

    ServerGroup 1: 10.1.1.2 - 10.1.1.253 -> LAN Port
    ServerGroup 2: 10.5.5.2 - 10.5.5.253 -> same LAN Port

    Both subnets are using the same WAN port because there is a switch in front of the pfSense box

    Both subnets are using the same LAN port because there is a switch behind the pfSense box

    If you wonder why I don't just use more interfaces on the pfSense box and set up "regular" transparent bridges for each WAN<>LAN combo, then I can tell you that I would need dozens of network ports on that pfSense box because there are many /24, /25 and /26 subnets.

    I can set up transparent bridges on pfSense 2.0 and they work great, but how can I add the second gateway (on WAN) and its subnet (on LAN) to the existing bridge?

    I appreciate any help or hints into the right direction! :)



  • If I were you, I would set up a virtual server and virtualise pfSense. This would allow you to create multiple vNICs so you can route traffic, and the config is a lot easier, especially with VMware.

    Another way: there is an option in pfSense to add IP Aliases. Under Firewall there is a Virtual IP option; click this and select Virtual IP (IP Alias). Then make up the gateway address for the LAN NIC and make it whatever you want. Then the networks will be able to communicate and get out on the internet...

    For security reasons, FYI, if the networks are going via the same switch, I would look into VLANs if I were you. There would be nothing stopping me changing my IP to something else and compromising the network. (You may already have this in place, just an observation.)
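The following is an added example and is not from either post, nor pfSense's own generated rule set: it is the equivalent FreeBSD pf.conf for the filtering bridge the question describes, with the second subnet (10.5.5.0/24 behind gateway 10.5.5.1) carried over the same WAN<>LAN bridge as the first. It shows the point both posts circle around: a bridge forwards at layer 2, so a second subnet needs no second bridge or interface, only filter rules keyed on IP addresses. The interface names em0/em1, the sysctl settings and the service ports are assumptions for illustration; pfSense exposes the same rules through its web GUI rather than a hand-written pf.conf.

```conf
# Added example (not the thread's configuration): pf.conf for one filtering
# bridge that carries several routed subnets between one upstream switch and
# one server switch. Assumed: bridge0 with members em0 (WAN side) and em1
# (LAN side), and filtering on the members rather than on bridge0 itself:
#   sysctl net.link.bridge.pfil_member=1
#   sysctl net.link.bridge.pfil_bridge=0

wan = "em0"   # member facing the upstream switch and the gateways
lan = "em1"   # member facing the server switch

# Every subnet bridged through this box. Adding a /24, /25 or /26 is one
# entry here; nothing changes at layer 2. Upstream gateways are listed only
# so the intent is visible; the bridge passes ARP and the gateways' frames
# untouched because pf filters IP, not ARP.
table <servers>  { 10.1.1.0/24, 10.5.5.0/24 }
table <gateways> { 10.1.1.1, 10.5.5.1 }

set skip on lo0

# Filter once, on the LAN-side member; the WAN-side member passes everything
# so each packet is evaluated a single time.
pass quick on $wan all

# Default deny for anything not matched below.
block log all

# Server -> internet: frames arriving on em1 from the server switch. The
# source must belong to a bridged subnet; a host that changed its address to
# something outside <servers> (the risk the reply mentions) is dropped here.
# A host that moves to an unused address inside a listed subnet is not
# caught by this rule; that is what VLAN separation on the switch is for.
pass  in quick on $lan inet proto { tcp, udp } from <servers> to any keep state
pass  in quick on $lan inet proto icmp        from <servers> to any keep state
block in quick on $lan inet from ! <servers> to any

# Internet -> servers: frames leaving em1 toward the server switch.
# Only the published services are reachable; the ports are assumed.
pass out quick on $lan inet proto tcp  from any to <servers> port { 80, 443 } keep state
pass out quick on $lan inet proto icmp from any to <servers> icmp-type echoreq keep state
```

Because the rules match on addresses, not on interfaces, the same two tables serve every subnet that shares the bridge; the per-subnet work is one table entry plus whatever service rules that subnet needs.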

