Netgate Discussion Forum

    Two networks to share the same NAS

      tsolrm

      I would like for the two networks to have separate routers and just in general be kept separate apart from sharing the same NAS. Is this achievable?

      My thoughts on doing this:

      Network 1: 10.10.0.0 subnet with a DHCP server, where 10.10.1.1 is the router
      Network 2: 10.10.10.0 subnet without a DHCP server, where 10.10.10.1 is the router and the devices attached have 10.10.10.1 as the default gateway and IPs are hardwired.

      Now if I link these two networks together, should this work fine? On network 1, devices should obtain default gateway and IPs through DHCP and on network 2, the devices have the IPs and default gateway hardwired, hence they should use the internet connection of the 10.10.10.1 router.

      Now how do I attach the NAS to all this and how do I make sure that both networks see it?

        KOM

        Network 1: 10.10.0.0 subnet with a DHCP server, where 10.10.1.1 is the router

        That won't work.  Typo perhaps?  Try either 10.10.0.0/24 with pfSense LAN NIC at 10.10.0.1, or 10.10.1.0/24 with pfSense LAN NIC at 10.10.1.1.

        Your NAS will be native to LAN and you just need to add a firewall rule on OPT1 to allow access from OPT1 to LAN.

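The addressing objection above can be checked mechanically before any cable is moved. This is an added example, not code from the thread or from pfSense; the thread gives no subnet masks, so the /24 and /16 masks are assumptions, and `check_plan` and `narrowest_network` are hypothetical helper names.

```python
import ipaddress

def check_plan(lans):
    """lans maps name -> (network in CIDR form, router IP); returns a list of problems."""
    problems, nets = [], {}
    for name, (cidr, router) in lans.items():
        net = ipaddress.ip_network(cidr)        # raises ValueError if host bits are set
        gw = ipaddress.ip_address(router)
        if gw not in net:
            problems.append(f"{name}: router {gw} is outside {net}")
        elif gw in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: router {gw} is not a usable host address in {net}")
        nets[name] = net
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):       # overlapping LANs cannot be routed between
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

def narrowest_network(base, router):
    """Smallest network starting at `base` in which `router` is a usable host, or None."""
    gw = ipaddress.ip_address(router)
    for plen in range(30, 0, -1):
        try:
            net = ipaddress.ip_network(f"{base}/{plen}")
        except ValueError:                      # base is not aligned to this prefix length
            continue
        if gw in net and gw not in (net.network_address, net.broadcast_address):
            return net
    return None

# Constructed plans: addresses are from the thread, masks are assumed.
NET2 = ("10.10.10.0/24", "10.10.10.1")
AS_POSTED_24 = {"net1": ("10.10.0.0/24", "10.10.1.1"), "net2": NET2}
KOM_FIX_A = {"net1": ("10.10.0.0/24", "10.10.0.1"), "net2": NET2}
KOM_FIX_B = {"net1": ("10.10.1.0/24", "10.10.1.1"), "net2": NET2}
AS_POSTED_16 = {"net1": ("10.10.0.0/16", "10.10.1.1"), "net2": NET2}

if __name__ == "__main__":
    for label, plan in [("posted, /24", AS_POSTED_24), ("KOM fix A", KOM_FIX_A),
                        ("KOM fix B", KOM_FIX_B), ("posted, /16", AS_POSTED_16)]:
        print(label, "->", check_plan(plan) or "ok")
    print("narrowest net1 holding its router:", narrowest_network("10.10.0.0", "10.10.1.1"))
```

Under a /16 mask the router address becomes valid, but Network 1 then contains 10.10.10.0/24, so its hosts would treat Network 2 addresses as on-link instead of sending that traffic to a router.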
          phil.davis

          I would put a separate cable between the 2 pfSense router boxes. From each define a gateway to the other pfSense with a static route to the "remote" LAN. That way each LAN has just its local pfSense router on the LAN and the pfSense routers can shunt inter-LAN traffic between them.
          This gives you complete control over firewalling whatever you want to be allowed/blocked and there are no problems with asymmetric routing.
          Then put the NAS in one of the LANs (the one where it will be used the most), or make another LAN on another interface on 1 of the pfSense to put the NAS.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            tsolrm

            Is there a way for both routers to have DHCP enabled?

              Derelict LAYER 8 Netgate

              If high performance to the NAS is a concern, you might want to do this at layer 2.

              You could get a managed switch that could do something like this:

              pfSense on Port 1
              NAS on port 2
              Host group 1 ports 3-8
              Host group 2 ports 9-16

              You could create private VLANs so that:

              Host group 1 can talk to each other, pfSense, and the NAS but not host group 2.
              Host group 2 can talk to each other, pfSense, the NAS, but not host group 1.

              Both groups would be on the same pfSense interface, same DHCP scope, same subnet, same firewall rules, etc.  Traffic to/from both host groups and the NAS would be switched.

              If you route it you'll have to choose which subnet gets the NAS and all traffic to/from the other subnet will be routed.

              Or put a NAS interface on each subnet.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

                tsolrm

                There is an issue here. Basically the whole point is migrating from a shitty router onto a pfSense router. But I don't want to just switch them, because it's a live network. So ideally I would want to merge the networks and one by one remove people from the old router and for everyone to start using pfSense.

                What you have described with a switch sounds pretty complex.

                  Derelict LAYER 8 Netgate

                  Not really, but your call.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.