Author Topic: SOLVED - Joining 2 separate networks with 2 pfSense boxes  (Read 967 times)

elliotcater
SOLVED - Joining 2 separate networks with 2 pfSense boxes
« on: July 21, 2016, 05:07:17 am »
Hi, I'm just about to attempt to join 2 self-contained networks, already using pfSense as routers, using the OPT1 interfaces on each respective router.  Could someone just take a glance at this and tell me if the PCs on the 2 LANs will be able to ping each other?

Many thanks!

edit 01/Jan/18 - image host ditched - see further down thread for re-drawn topology...
**********

Just checked and this works...
« Last Edit: January 12, 2018, 10:38:35 am by elliotcater »

Paint
Re: SOLVED - Joining 2 separate networks with 2 pfSense boxes
« Reply #1 on: July 25, 2016, 10:15:32 pm »
Yes, this setup will work if you allow subnet 10.0.2.2/24 to talk to subnet 10.0.2.1/24 via firewall rules.
pfSense i7-4510U + 2x Intel 82574 + 2x Intel i350 Mini-ITX Build
940/880 mbit Fiber Internet from FiOS
Dell PowerConnect 2716 Gigabit Switch
Netgear R8000 AP (DD-WRT)
Asus RT-66U AP (DD-WRT)


dalygrey
Re: SOLVED - Joining 2 separate networks with 2 pfSense boxes
« Reply #2 on: August 02, 2016, 08:23:31 pm »
I just set up this example in a lab and have been unsuccessful in pinging from LAN to LAN, although my testing has been trying to ping the LAN interface IP on the other side.  Tomorrow I'll get some more computers and hook those up.

johnpoz
Re: SOLVED - Joining 2 separate networks with 2 pfSense boxes
« Reply #3 on: August 02, 2016, 09:38:01 pm »
If you cannot ping the LAN interface on the other one then pinging a PC sure as hell is not going to work.

- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

ivers
Re: SOLVED - Joining 2 separate networks with 2 pfSense boxes
« Reply #4 on: January 12, 2018, 01:56:52 am »
Just for the record, as this is a good match from search engines - after adding static routes between the pfSense boxes, go to System -> Advanced, up top select Firewall & NAT and check the box Static route filtering - Bypass firewall rules for traffic on the same interface.

johnpoz
Re: SOLVED - Joining 2 separate networks with 2 pfSense boxes
« Reply #5 on: January 12, 2018, 04:40:51 am »
Huh?  No that is NOT a good match for search engines... Are you the OP and forgot your login so created another account?

You would not set that sort of setting unless you were hairpinning in and out of an interface and running - BORKED setup out of the gate, etc. You would never need such a setting to create a transit network between two pfSense boxes.

elliotcater
Re: SOLVED - Joining 2 separate networks with 2 pfSense boxes
« Reply #6 on: January 12, 2018, 06:36:53 am »
Image host died so redrawn from memory, hope it's right!


You have to add the static routes on both boxes.
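
An added example, not part of any poster's reply and not pfSense code: a simplified Python model of the topology discussed in this thread (LANs 10.0.0.0/24 and 10.0.1.0/24 joined over the 10.0.2.0/24 transit network). It shows why the static route is needed on both boxes and how an explicit OPT1 pass rule on the receiving box lets a ping through, with the reply riding on firewall state. The host addresses, the assignment of 10.0.2.1 to router A and 10.0.2.2 to router B, and a default allow rule on each LAN are assumptions.

```python
import ipaddress

# Constructed, simplified model of the thread's topology (not pfSense code).
# Assumption: router A's OPT1 is 10.0.2.1 and router B's is 10.0.2.2.
LAN_A = ipaddress.ip_network("10.0.0.0/24")
LAN_B = ipaddress.ip_network("10.0.1.0/24")
HOST_A = ipaddress.ip_address("10.0.0.10")  # constructed sample hosts
HOST_B = ipaddress.ip_address("10.0.1.10")

def next_hop(router, dst):
    """Longest-prefix match: 'local', a peer router name, or 'wan' (default route)."""
    if dst in router["lan"]:
        return "local"
    hits = [(net.prefixlen, peer) for net, peer in router["routes"] if dst in net]
    return max(hits)[1] if hits else "wan"

def opt1_passes(router, src, dst):
    """Rules are checked inbound on the receiving interface; no match means block."""
    return any(src in s and dst in d for s, d in router["opt1_pass"])

def deliver(routers, start, src, dst, new_connection=True):
    """Trace a packet from a LAN host behind `start` and report where it ends."""
    name = start
    for _ in range(4):  # hop limit guards against routing loops
        hop = next_hop(routers[name], dst)
        if hop == "local":
            return "delivered"
        if hop == "wan":
            return f"lost: {name} has no static route, used default gateway"
        # Replies match the state the request created, so only new
        # connections are evaluated against the peer's OPT1 rules.
        if new_connection and not opt1_passes(routers[hop], src, dst):
            return f"blocked: no OPT1 pass rule on {hop}"
        name = hop
    return "lost: routing loop"

def ping(routers, start, peer, src, dst):
    """Echo request from src behind `start`, echo reply from dst behind `peer`."""
    out = deliver(routers, start, src, dst)
    if out != "delivered":
        return "request " + out
    back = deliver(routers, peer, dst, src, new_connection=False)
    return "ok" if back == "delivered" else "reply " + back

def topology(route_on_b=True, rule_on_b=True):
    """Router A is always complete; B optionally lacks its route or OPT1 rule."""
    a = {"lan": LAN_A, "routes": [(LAN_B, "B")], "opt1_pass": [(LAN_B, LAN_A)]}
    b = {"lan": LAN_B, "routes": [(LAN_A, "A")] if route_on_b else [],
         "opt1_pass": [(LAN_A, LAN_B)] if rule_on_b else []}
    return {"A": a, "B": b}
```

Calling `ping(topology(route_on_b=False), "A", "B", HOST_A, HOST_B)` shows the request arriving and the reply leaving via B's default gateway, which is the symptom of a static route added on only one box.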

johnpoz
Re: SOLVED - Joining 2 separate networks with 2 pfSense boxes
« Reply #7 on: January 12, 2018, 10:22:49 am »
Exactly... Zero to do with ivers' statement that you would have to bypass firewall rules on the same interface..  Thanks for the update to your drawing... That is a good addition to the thread for any that might find this..

elliotcater
Re: SOLVED - Joining 2 separate networks with 2 pfSense boxes
« Reply #8 on: January 12, 2018, 10:36:52 am »
Yeah, I wasn't quite sure what Ivers is on about with the bypass rules etc...

I understand that Ivers might think the title of the thread (which I assume is indexed) could be good SEO as it is fairly succinct (if I do say so myself! ;)).

So is the transit network (the 10.0.2.0/24 subnet) with static routes on either box the correct way to go?

I did have it set up and working ok but my topology is now different so can't test.

It would be cool, in the event of a downed default gateway, to be able to use the default gateway on router a from router b's LAN (10.0.1.0/24). And vice versa, use the default gateway on router b from router a's LAN (10.0.0.0/24).

I did try this but never quite managed it.