Hi - I have successfully built my virtualized psfsense router with a pretty much standard configuration of WAN LAN1 and LAN2 (DMZ) for my IOT devices. What I would like to do now is setup another pfsense router #2 (with basically the same WAN LAN1 and LAN2(DMZ) configuration) and test it by connecting the psfsense2 WAN to one of pfsense1’s LAN1 or LAN2 ports. I have researched this but not all steps are clear and prefer to “do it right”.
I would also like to minimize settings changes to pfsense1 and pfsense2.
Do I need to set up a bridge on pfsense1? What about NAT on pfsense2? Also Is it possible to attach more than one router to my incoming cable modem WAN port? Thank you for any assistance in advance.
As far as setting all this up I assume you are trying to setup pfsense in HA? This is doable and I believe good ol Tom has a video on this.
To answer your question about a cable modem to both pfsense boxes this might be doable if you connect both boxes to the modem to get a private IP and put both IP’s in a DMZ.
The simple way to do this is to make the WAN of the lab pfsense the use the LAN addresses of the main network. This means the the lab pfsense has to have a a different subnet in order to route. You will also have to turn off blocking of local networks on the WAN of the lab pfsense. https://docs.netgate.com/pfsense/en/latest/recipes/rfc1918-egress.html
I know this is an old thread, but if I do set it up as you have mentioned, would I have to do anything special HAProxy and Dynamic DNS updates that go out. Would HAProxy be routed on properly on the router behind the other, and would Dynamic DNS update Public IP appropriately.
My situation is this. I just sold my house. I have a pfSense firewall, unRaid running a ubiquiti controller, and a unifi network. My wife and I are moving into our camper while we build and will be staying in it at my Brother in Laws house. I have also set his house up with a pfsense firewall and ubiquiti equpment, but his setup reports to my controller. If I plug in behind his network (they are already on different ip ranges) would it just work or is there something other than what is mentioned in Toms last post that needs to be done.
When I moved from an OpenWRT router to a pfSense router I did this over a period of time and needed both to run and the network to be fully functional, while I was moving each VLAN/network over from OpenWRT to pfSense.
The only way to do this is by having an additional transit VLAN (lets call it migration VLAN) between both routers and set up routes accordingly. This is not a dead simple endeavor and requires some more thought and has a number of pitfalls. I only mentions this because it might also be a solution, and while it is more flexible than the easy path already mentioned by others, this path is considerably more complex and probably not worth the effort in your case.
It worked for me. Not so sure about the DDNS and HAProxy. I was using for a test bed to setup another system. If not too difficult to setup you could just try it. You may have to turn off local net blocking on the WAN of the downstream PFS. Good luck!
