Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to access clients that belong to different networks?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tigs
      last edited by

      I have my main router which is pfsense with an ip address of 192.168.1.1. I have also another router with an ip address of 192.168.0.1 and its own dhcp server. The second router's WAN is connected to a LAN port of the main pfsense router. How can a client within 192.168.0.1 network access clients within the 192.168.1.1 network?

      I know I can setup the second router as an AP. I would like to know if I can get the two-router setup to work.
      Thanks

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        You are only giving one network for each router (a router has at least two or there's no routing to do) and not indicating whether it is the WAN or LAN side of either router.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • ?
          Guest
          last edited by

          I have my main router which is pfsense with an ip address of 192.168.1.1. I have also another router with an ip address of 192.168.0.1 and its own dhcp server.

          In one network only one DHCP server should work, but if this both networks will be connected together
          it can came to really ugly isues that can´t be explained or solved, so it is better each of the networks
          are using their own DHCP server.

          The second router's WAN is connected to a LAN port of the main pfsense router.

          Then you were creating a dual homed or double NAT scenario and on each WAN port NAT is working.
          And so you will be able to contact the first network from behind the second network but not vice versa.

          How can a client within 192.168.0.1 network access clients within the 192.168.1.1 network?

          Internet –- modem --- WAN port 192.168.1.1 router1 LAN port1 --- WAN port 192.168.0.1 router2 ---- LAN
          So you be able to connect to the router one network from the route two network but not vice versa because
          of the NAT function on the WAN port of router two!

          I know I can setup the second router as an AP.

          You will be also able to switch from NAT to plain routing without pf or firewall rules.

          I would like to know if I can get the two-router setup to work.

          It will be better to use a switch to replace the second router and create VLANs instead of using a second
          router or the second router will be only using plain routing instead of NAT, this would also work. But again
          a smaller or greater switch with the attached 2nd router as a WLAN AP would be the best option.

          Otherwise as a workaround you might be opening some needed ports at the WAN port at the 2nd router.
          But then it will be better to use only in one network one DHCP server and as I see it right this could also
          be done better using a Layer3 switch instead of the 2nd router. Faster, better to configure and more common.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            Keep in mind if your going to use a downstream router that pfsense needs to be connected with a transit network to this downstream router.  Unless that 2nd router is going to nat so all traffic to clients on the network connected to pfsense looks like it came from IP of that 2nd nat router.

            I agree with BlueKobold, if want to have multiple networks is normally much better option to just let pfsense route between the 2 networks and not use downstream.  The only time you really want downstream routing to happen is when there is lots of traffic between networks at the downstream router.

            Sounds like your just using some soho wifi router as your 2nd router.  Why don't you just use it as an AP put that wireless and wired device on this 2nd network on connection to pfsense.  This way you can firewall between the 2 networks if you want, etc.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • T
              tigs
              last edited by

              thanks for the response, and sorry for having not thanked you guys promptly. Been busy at work, not having much time to play.

              I understand the AP is easiest and simplest set up. The reason I am using this setup is because I like second router's simple parental control and DNS filtering presets. With AP setup, I have to use pfsense proxy. It is not inyuitive, and I am not sure it is reliable.

              By the way, the second router is a Netgear R7000 running Asus firmware, merlin variant. This is only for the kids. I have another Access point for the rest of the family.

              I will review all the responses and play a bit more.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.