Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Please tell me how to link 3 networks together

    Scheduled Pinned Locked Moved Routing and Multi WAN
    5 Posts 3 Posters 974 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      Big Daddy
      last edited by

      Okay, first post here so please go gently with me and type very, very slowly so that I can understand.

      I have three separate networks, all at the same location.  Each has its own router, doing the DHCP thing and dealing with some fixed IP devices. Two of the three networks have a modem, connected to internet with different ISPs.  For the sake of argument, we'll call the networks:
      192.168.0.XXX
      192.168.1.XXX
      192.168.2.XXX

      I want to connect all three networks together to share resources like printers and servers for file backup plus some shared archive data. But each needs to remain free-standing with it's own router so that if any of the other networks (or whatever is connecting them together) goes down they can continue to function stand-alone as before.  So a single router configuration isn't an option, all three existing routers need to remain in place and not becomes slaves of another device.

      If we can team the two internet connections together to get faster throughput or fall back facility then that would be a bonus but it's not the be all and end all and I'm happy for internet connections to remain tied to the individual sub-networks if that's how it has to be.

      Can I achieve the inter-connection I'm looking for by running pfSense on a discreet PC fitted with a 4 port LAN card, connected to each of the present networks?

      If so, can you talk me how to get where I need to be?  If not, can anyone suggest another way around it? Many thanks.

      1 Reply Last reply Reply Quote 0
      • T Offline
        tim.mcmanus
        last edited by

        IMHO you need to replace the routers.  That device is doing the…routing.  Connecting different networks together is essentially creating new routes.

        You could put pfSense behind the routers, but then you'd need to disable any NATing that the router does and let pfSense handle that as well as creating the new routes.  Rather than maintain the two, it would be easier to replace the router with pfSense so you only need to manage one device.

        1 Reply Last reply Reply Quote 0
        • B Offline
          Big Daddy
          last edited by

          Sadly, I don't have an option to combine everything with a single router. I have to maintain their potential for independence if something goes awry.  We've been there. done that and had the problems.  Also, one of the networks has multiple high definition CCTV cameras and servers on it so can hog a lot of bandwidth - I want to keep the other two networks as clean as possible rather than having throughput dragged down.

          Going out and back again via the internet to use VPNs isn't an option either because the upload and download speeds in our locale are pretty chronic.

          Any other ideas of how we can do it?  I'm happy to put some time into configuring router settings if that's what it takes.

          .

          1 Reply Last reply Reply Quote 0
          • T Offline
            tim.mcmanus
            last edited by

            You can set up two pfSense routers in parallel as a failover pair.  They will also do traffic shaping and QoS.

            I run two WANs and two LANs off of the same pfSense box without any issues.  They are extremely customizable, but it requires work and planning.

            Or you can replace all three routers with three different pfSense boxes.  With a layer 3 switch you can vLAN everything and create separate routes between the pfSense routers and their LANs using vLANs.

            1 Reply Last reply Reply Quote 0
            • johnpozJ Offline
              johnpoz LAYER 8 Global Moderator
              last edited by

              so can you make other connections to these routers, what routers do you have?

              If you can make another connection to these routers then you don't even need pfsense, unless you were wanting to firewall between the segments.  If your wanting to put pfsense downstream it can be done but more of pita.  And you going to be hairpinning connections and not optimal setup and you can have asymmetrical routing issues without transit network unless you did host routing

              If your routers can have another interface with a different network its really simple.

              So on router 1 you create routes
              192.168.2.0/24 172.16.0.2
              192.168.3.0/24 172.16.0.3

              on middle router
              192.168.1.0/24 172.16.0.1
              192.168.3.0/24 172.16.0.3

              router on the right
              192.168.2.0/24 172.16.0.2
              192.168.1.0/24 172.16.0.1

              Bing bang zoom all your networks are connected..  If you trying to put pfsense downstream of them all its kind of pita and you have issues with asymmetrical.. Unless your switches can do vlans and your routers can do vlans if you only have 1 interface.. If not I would prob put pfsense upstream and use it for your wan connections - this would allow you leverage both your wan connections in a load balance or failover setup.  See 2nd attachment.

              join3seg.jpg
              join3seg.jpg_thumb
              join3seg-a.jpg
              join3seg-a.jpg_thumb

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.