Make gateway available in another subnet

I have a lot of different subnets in my network. I have one for my LAN network, one for my DMZ network and one for my Tor hidden services. I am using the gateway of my ISP as the default gateway. I've installed a Tor client in an LXC container in my Tor subnet and configured it in a way that allows me to use it as a gateway in the other LXC containers in the same subnet. I also added some static routes and Domain Overrides in the pfSense firewall that allow me to use .onion addresses in my LAN and DMZ subnets. Since I don't route IP packets in my LAN subnet with destinations that are reachable without Tor through the Tor network, accessing a website in the Tor network from my LAN subnet could deanonymize me and my Tor hidden services.

I need a gateway in my LAN subnet which forwards all packets to the gateway in my Tor network; this would allow me to route all my traffic through the Tor network whenever I want.

I won't merge my LAN and DMZ subnets, because I block every connection from my Tor subnet to any other subnet for security reasons.
I can't add another pfSense firewall as a gateway, because my KVM host doesn't have enough RAM for another full virtualization.
I can't use a combination of a virtual Proxy ARP IP and NAT 1:1 mapping either, because I can't forward packets without the Proxy ARP IP as destination address this way.

Is there a way to have something like a Proxy ARP IP, but with the possibility to route packets that have its MAC address as destination to the Tor gateway in my Tor subnet?

Edit: I added a diagram of a part of my network as an attachment.
![My Network.png](/public/imported_attachments/1/My Network.png)
