Help: Will this work?

  • Hello pfSenser's!
    I am coming to you with the hope I can accomplish my goal to get a better home and home office experience.
    Currently I have a network setup that consists of the following:


    The router seems to split up into two networks, one is 10.1.1.x and my home network seems to be 10.2.2.x

    Work Network:
    Router-->Work network, ip phone

    The home network:
    Router-->Cisco SG300-10 Switch -->home computers/access points

    I have a few problems with this setup, as it lies.
    First the router is limited to 10/100, and second I cannot forward any ports to my home network, and I cannot access my Plex server/File server from outside the network, and I am having problems with Netplay on the Dolphin emulator.

    I have 2 servers I can use to solve this problem, if my solution makes sense, and pFsense can solve this problem.

    I plan on setting up a VM of pFsense under VMWare Workstation 11 on my file/plex server. Will this work? It has a Haswell Xeon quad core, 16GB of ram, 3Gig-E ports. The server is under a generally very light load, so I'm confident it can do it hardware wise, if I can run pFsense under vmware workstation. I know Vmware can pass thru network adapters in bridge mode, so I think this will work? This router will be handling all DHCP/DNS/Firewalling duties for my home network.

    My other server a 1u supermicro atom 330, 2gigs ram, also with 3 intel gig-e ports, is to be a sort of gateway between the work router and the new home router, and the internet It will do nothing but route traffic between the two networks, no NAT or firewalling. Would this work? How would I set this up?

  • How is pfsense going to solve your problem? The only way I can see pfsense making a difference is if the WAN side of pfsense connects directly to the modem. This gives two possibilities:

    1. If the ISP will give you a second IP address, you can connect a small switch to the modem, and connect the work router and pfsense to the switch. Pfsense's WAN port gets the second IP address.

    2. If you can't get a second IP address, you have to insert pfsense between the modem and the router. Pfsense's WAN port gets the ISP public IP address.  The router's WAN interface would need to get an IP address on the LAN side of pfsense. Unless the router is getting that via DHCP, or you can change it, this isn't going to work. You work applications would also ave to be capable of running over 2 NAT hops. Not all can.

    I've not used vmware workstation, but I know ESX would handle the situation you describe (subject to the above caveats). You might want to install ESX on the server and run your file/plex server and pfsense as virtuals.

  • LAYER 8 Global Moderator

    "second I cannot forward any ports to my home network"

    If you have not access to this router to forward ports, how exactly is putting another nat router behind that going to solve your problem..

  • Hello everyone,
    First let me say that my ISP will only give me one IP.
    Let me clarify my intentions.
    Currently the network is all running through the on router and then goes to my switch. I want to setup a total of three routers if thats possible to accomplish my goal.

    Here is a map of how I think it will work.

    MODEM–>WAN pFsense Router one, Atom 330.Lan ---> Work Router -->Work Computer/Work phone
                                                                      Opt 1 --> 2nd pFsense router on VM -->Switch--> Computers/APs

    The PFsense router 1 will have firewalling and NAT disabled....allowing the other two routers, home and work, to handle all of that.

    Does this make sense, can this work? I just want my home network to not be stuck behind the work router. If my solution doesnt make sense than any alternatives would be great.

  • Interesting. Pfsense #1 would be operating in transparent mode and peeling off ports to send to the other pfsense router, which would be operating in normal layer 3 mode.

    I have no idea if this could be made work.

    If your work router is getting its IP address via DHCP, you could try inserting a pfsense box in between the modem and the router

    modem->(WAN)pfsense(LAN)->switch->home network
                                                        |->(WAN)Router(LAN)->work network

Log in to reply