Two networks to share the same NAS



  • I would like for the two networks to have separate routers and just in general be kept separate apart from sharing the same NAS. Is this achievable?

    My thoughts on doing this:

    Network 1: 10.10.0.0 subnet with a DHCP server, where 10.10.1.1 is the router
    Network 2: 10.10.10.0 subnet without a DHCP server, where 10.10.10.1 is the router and the devices attached have 10.10.10.1 as the default gateway and IPs are hardwired.

    Now if I link these two networks together, should this work fine? On the network 1, devices should obtain default gateway and IPs through DHCP and on the network 2, the devices have the IPs and default gateway hardwired, hence they should use internet connection of the 10.10.10.1 router.

    Now how do I attach the NAS to all this and how do I make sure that both networks see it?



  • Network 1: 10.10.0.0 subnet with a DHCP server, where 10.10.1.1 is the router

    That won't work.  Typo perhaps?  Try either 10.10.0.0/24 with pfSense LAN NIC at 10.10.0.1, or 10.10.1.0/24 with pfSense LAN NIC at 10.10.1.1.

    Your NAS will be native to LAN and you just need to add a firewall rule on OPT1 to allow access from OPT1 to LAN.
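
The addressing point raised in the reply above, as an added example that is not part of the thread: a Python check that each gateway sits inside its own subnet and that the two subnets do not overlap. The /24 masks follow the reply's suggestion (the original post gives no mask), and the NAS and host addresses are constructed for illustration.

```python
import ipaddress

def check_plan(plan):
    """plan: {name: (cidr, gateway)}. Returns a list of problems found."""
    problems, nets = [], {}
    for name, (cidr, gw) in plan.items():
        net = ipaddress.ip_network(cidr)
        gw_ip = ipaddress.ip_address(gw)
        nets[name] = net
        if gw_ip not in net:
            # Hosts can only use a default gateway that is on-link.
            problems.append(f"{name}: gateway {gw} is outside {net}")
        elif gw_ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: gateway {gw} is not a usable host address")
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                # Overlap makes routing and per-interface rules ambiguous.
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

def path_to_nas(host, nas, plan):
    """'switched' if host and NAS share a subnet, else 'routed' (via the firewall)."""
    host_ip, nas_ip = ipaddress.ip_address(host), ipaddress.ip_address(nas)
    for cidr, _gw in plan.values():
        net = ipaddress.ip_network(cidr)
        if host_ip in net and nas_ip in net:
            return "switched"
    return "routed"

# Plan as posted, read with /24 masks (assumption).
AS_POSTED = {"net1": ("10.10.0.0/24", "10.10.1.1"),
             "net2": ("10.10.10.0/24", "10.10.10.1")}
# The two corrections suggested in the reply.
FIX_A = {"net1": ("10.10.0.0/24", "10.10.0.1"),
         "net2": ("10.10.10.0/24", "10.10.10.1")}
FIX_B = {"net1": ("10.10.1.0/24", "10.10.1.1"),
         "net2": ("10.10.10.0/24", "10.10.10.1")}
# Reading net1 as a /16 makes the gateway valid but swallows net2.
AS_SLASH16 = {"net1": ("10.10.0.0/16", "10.10.1.1"),
              "net2": ("10.10.10.0/24", "10.10.10.1")}

if __name__ == "__main__":
    for label, plan in [("as posted", AS_POSTED), ("fix A", FIX_A),
                        ("fix B", FIX_B), ("/16 reading", AS_SLASH16)]:
        print(label, check_plan(plan) or "OK")
    # Constructed addresses: NAS on net1, one client on each subnet.
    print(path_to_nas("10.10.1.20", "10.10.1.50", FIX_B))
    print(path_to_nas("10.10.10.20", "10.10.1.50", FIX_B))
```

Only the "routed" path crosses the firewall, so that is the traffic an OPT1-to-LAN rule can restrict to the NAS address alone.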



  • I would put a separate cable between the 2 pfSense router boxes. From each define a gateway to the other pfSense with a static route to the "remote" LAN. That way each LAN has just its local pfSense router on the LAN and the pfSense routers can shunt inter-LAN traffic between them.
    This gives you complete control over firewalling whatever you want to be allowed/blocked and there are no problems with asymmetric routing.
    Then put the NAS in one of the LANs (the one where it will be used the most), or make another LAN on another interface on 1 of the pfSense to put the NAS.



  • Is there a way for both routers to have DHCP enabled?


  • LAYER 8 Netgate

    If high performance to the NAS is a concern, you might want to do this at layer 2.

    You could get a managed switch that could do something like this:

    pfSense on Port 1
    NAS on port 2
    Host group 1 ports 3-8
    Host group 2 ports 9-16

    You could create private VLANs so that:

    Host group 1 can talk to each other, pfSense, and the NAS but not host group 2.
    Host group 2 can talk to each other, pfSense, the NAS, but not host group 1.

    Both groups would be on the same pfSense interface, same DHCP scope, same subnet, same firewall rules, etc.  Traffic to/from both host groups and the NAS would be switched.

    If you route it you'll have to choose which subnet gets the NAS and all traffic to/from the other subnet will be routed.

    Or put a NAS interface on each subnet.



  • There is an issue here. Basically the whole point is migrating from a shitty router onto a pfSense router. But I don't want to just switch them, because it's a live network. So ideally I would want to merge the networks and one by one remove people from the old router and for everyone to start using pfSense.

    What you have described with a switch sounds pretty complex.


  • LAYER 8 Netgate

    Not really, but your call.

