OPNsense Forum

English Forums => High availability => Topic started by: Haruspice on June 01, 2023, 04:28:45 pm

Title: 2 ISP / Port Forward messed up
Post by: Haruspice on June 01, 2023, 04:28:45 pm
Hi,

Maybe it's a stupid idea:

I have 2 ISPs (both with some IPs), and 1 server that I want to be reachable "by both ways" (backup idea).

I configured 2 GWs and a gateway group (working; if I drop a connection I can still "surf", my public IP changes according to the ISP).

I registered DNS for both public IPs: OK, DNS responds with both IPs, clients will use "both IPs" and if 1 ISP fails, clients will try the other IP, so they will connect after a timeout (some browsers are more "quick" to alternate...).

I configured port forwards from both public IPs to the internal server.

I got an erratic connection.

My problem is that I can only reach the "main ISP" forward (I tested by forcing 2 test domains, 1 on each IP);
the "backup ISP" configuration is not working.

The OPNsense log tells me it's fine...
tcpdump on the server lets me see packets from the "backup ISP".

If I drop the "main ISP GW" (just deactivate it), the "backup ISP" access to the server comes to life *tada*.

So I guess it's a "return path" problem when I come through the "not mainstream" one.

I'm sure I'm missing something "evident", but I'm going to go mad.

Maybe a clue?

Thx



Title: Re: 2 ISP / Port Forward messed up
Post by: Haruspice on June 02, 2023, 09:07:51 am
Got my answer, tricky:

I have to "MARK" my incoming packets on the ISP2 incoming rule (FW_ISP2_VLAN).

I have to create an "OUT" rule on the internal server interface (FW_INTERNAL_SERVERVLAN) which matches the "MARK" (and any for all), and set REPLY-TO to the ISP2 gateway, with keep state (advanced parameters).
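The tag-then-reply-to fix described above, written out in pf.conf syntax as an added illustration; this is not the poster's configuration and not what OPNsense literally generates (OPNsense builds its own pf ruleset from the GUI rules; the "set local tag" / "match local tag" and reply-to gateway fields live in a rule's advanced settings). Interface names, the ISP2 public IP, the ISP2 gateway and the server address below are constructed placeholders.

```pf
# Added illustration of the tag / reply-to approach in pf.conf syntax.
# All names and addresses are assumptions, not the poster's values.
isp2_if = "vtnet1"               # assumed WAN interface on ISP2
isp2_gw = "203.0.113.1"          # constructed: ISP2 next-hop gateway
isp2_ip = "198.51.100.5"         # constructed: public IP on ISP2
srv_if  = "vlan20"               # assumed internal server VLAN interface
srv     = "10.20.0.10"           # constructed: internal server address

# Port forward on ISP2: rewrite the destination to the internal server.
rdr on $isp2_if proto tcp from any to $isp2_ip port 443 -> $srv port 443

# Inbound rule on ISP2 (the FW_ISP2_VLAN step): mark the connection with
# a tag so that later rules can recognise traffic that arrived via ISP2.
pass in quick on $isp2_if proto tcp from any to $srv port 443 tag ISP2 keep state

# Outbound rule on the server VLAN (the FW_INTERNAL_SERVERVLAN step): match
# the tag and pin the reply path to the ISP2 gateway, so the server's
# answers leave through ISP2 instead of following the default route.
pass out quick on $srv_if tagged ISP2 reply-to ($isp2_if $isp2_gw) keep state
```

To confirm the return path is actually fixed rather than just appearing to work, run tcpdump on the ISP2 interface while connecting to the ISP2 public IP and check that the SYN-ACKs from the server leave on that interface; if they still appear on the ISP1 interface, the tagged out rule is not matching the state.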