Having two routers share one single internet connection?

Apologies in advance if this sounds obviously incorrect/impossible/dumb.

Suppose I have a setup like this, where network1 and network2 are for two completely separate physical networks. Is it possible to completely skip NAT on the network appliance box and also have the same public IP on its WAN interface? Is the bridge in the diagram possible at all?

The ISP does not allow multiple simultaneous PPPoE connections, and I want UPnP to be functional on both devices (thus DMZ is not possible?).

I want this very peculiar setup because the network appliance is not super reliable and I currently cannot afford to replace it, while the OpenWrt device is known-good and very reliable. I do not want the network appliance to hang and cut off network connections on network1, but stuff on network2 is fine with some short downtime.

Is this setup possible with OpenWrt?

image

Turn pfSense into a "pure routing platform" and disable NAT entirely. Let NAT and UPnP happen on the OpenWrt device.

The pfSense device can still control ingress/egress traffic in the firewall, but everyone will still be using the same public IP, and you'll still be at the mercy of your unreliable device. Since you cannot have more than one public IP, the suggestion above is about as good as it gets.

Thanks for the advice. Is this what you are referring to?

https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

No, a filtering bridge is different. I mean run it as a router with no NAT, and use the packet filter to control ingress/egress (disable NAT and just set up a static route between the two routers).

So it would look like this:
OWRT Router (192.168.1.1) <-> pfSense WAN (192.168.1.35) <-> pfSense LAN (192.168.11.1) <-> Clients of the pfSense router on the 11.0/24 subnet.

You would need a static route on both the OpenWrt and the pfSense box.
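
The routed, no-NAT layout from the last reply can be checked with a small longest-prefix-match model. This is an added example, not part of the thread: the route tables, the client address 192.168.11.50, the outside address 203.0.113.10 and the `direct`/`isp` markers are constructed, and the pfSense-side route is assumed to be a default route via 192.168.1.1.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed route tables for the addressing given in the thread.
OPENWRT = [
    ("192.168.1.0/24", "direct"),         # its own LAN (network1)
    ("192.168.11.0/24", "192.168.1.35"),  # static route to pfSense WAN
    ("0.0.0.0/0", "isp"),                 # PPPoE uplink, NAT happens here
]
PFSENSE = [
    ("192.168.1.0/24", "direct"),         # WAN side, same subnet as OpenWrt
    ("192.168.11.0/24", "direct"),        # LAN side (network2)
    ("0.0.0.0/0", "192.168.1.1"),         # assumed: default route via OpenWrt
]
ROUTERS = {"192.168.1.1": "openwrt", "192.168.1.35": "pfsense"}

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from router `start` until delivery, the ISP, or failure."""
    path, node = [start], start
    for _ in range(max_hops):
        hop = next_hop(tables[node], dst)
        if hop is None:
            return path + ["unreachable"]
        if hop == "direct":
            return path + [dst]
        if hop == "isp":
            return path + ["isp"]
        node = ROUTERS[hop]
        path.append(node)
    return path + ["loop"]

def without_route(table, prefix):
    """Copy of a table with one prefix removed, to model a missing static route."""
    return [r for r in table if r[0] != prefix]

if __name__ == "__main__":
    good = {"openwrt": OPENWRT, "pfsense": PFSENSE}
    bad = {"openwrt": without_route(OPENWRT, "192.168.11.0/24"), "pfsense": PFSENSE}
    print("outbound:", trace(good, "pfsense", "203.0.113.10"))
    print("return  :", trace(good, "openwrt", "192.168.11.50"))
    print("no route:", trace(bad, "openwrt", "192.168.11.50"))
```

With the 192.168.11.0/24 route missing on the OpenWrt side, replies to network2 clients match only the default route and are sent toward the ISP instead of back to the pfSense box.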