Messages - metaplop

#1

Hello, yes, the two connections have their own IPs, let's say 1.2.3.4 and 5.6.7.8, and the server is 192.168.0.1. I want fw-wan-1 to port-forward pubip1 1.2.3.4:80 to server 192.168.0.1:80 and fw-wan-2 to port-forward pubip2 5.6.7.8:80 to the same server 192.168.0.1:80.

Port forwarding works, but reply packets are sent only to fw-wan-2. I want the server's reply to an incoming connection from fw-wan-1 to go to fw-wan-1, and the reply to an incoming connection from fw-wan-2 to go to fw-wan-2.

In other words: I want some services (HTTP or SMTP, for example) to be reachable from two different public IPs coming from two ISPs but served by the same server.

#2
Hello, I have 2 WAN connections (handled by 2 different OPNsense clusters in different buildings, i.e. 4 OPNsenses in 2 clusters) and a DMZ handled by another OPNsense cluster. I would like to make a port-forward from both WAN connections to the same server:

   pubip1                                        pubip2
-----------                                  -----------
|  ISP-1  |                                  |  ISP 2  |
-----------                                  -----------
      |                                            |
------------          -------------          ------------
| FW-WAN-1 |----------| FW-DMZ-IN |----------| FW-WAN-2 |
------------   vlan1  -------------   vlan2  ------------
                             | vlan10
                        ------------
                        |  SERVER  |
                        ------------


I can reach the server from both pubips (port forward OK on the WAN OPNsenses), but the reply (ACK packet) goes only to one connection (to vlan2 in my case).

I tried to play with Sticky connections and States by interface. I also tried to set a local tag on vlan1 incoming packets on FW-DMZ-IN to match reply packets and add a policy routing rule, but it seems to be ignored.

Is it possible to do that? Does anyone have tips?
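The following is an added illustration of the mechanism involved, not configuration from the poster or from the OPNsense project: in pf (the packet filter OPNsense is built on), the `reply-to` option on an inbound pass rule records, in the state entry, the interface and next-hop that replies must be sent to, so that return traffic for each connection leaves via the firewall it arrived from instead of following the default route. The interface names vlan1, vlan2 and vlan10 and the server address 192.168.0.1 are taken from the posts above; the gateway addresses 10.1.0.1 and 10.2.0.1 (FW-WAN-1 and FW-WAN-2 as seen from FW-DMZ-IN) and the service ports are assumed for the example.

```pf
# Added example (not from the forum post): pf.conf fragment for FW-DMZ-IN that
# pins each connection's replies to the WAN firewall it came in from.
# vlan1/vlan2/vlan10 and 192.168.0.1 come from the poster's diagram;
# the gateway addresses and the port list are assumptions for this example.

wan1_if = "vlan1"
wan2_if = "vlan2"
dmz_if  = "vlan10"
wan1_gw = "10.1.0.1"     # assumed: FW-WAN-1's address on vlan1
wan2_gw = "10.2.0.1"     # assumed: FW-WAN-2's address on vlan2
server  = "192.168.0.1"  # from post #1
services = "{ 80, 25 }"  # assumed: HTTP and SMTP, as mentioned in post #1

# Connections arriving from FW-WAN-1: the state created by this rule carries
# reply-to, so every packet matching the state in the return direction is
# handed to FW-WAN-1 on vlan1, whatever the routing table says.
pass in quick on $wan1_if reply-to ($wan1_if $wan1_gw) inet proto tcp \
    from any to $server port $services keep state

# Same for connections arriving from FW-WAN-2: replies go back out vlan2.
pass in quick on $wan2_if reply-to ($wan2_if $wan2_gw) inet proto tcp \
    from any to $server port $services keep state

# The forwarded packet still has to be allowed out towards the server.
pass out quick on $dmz_if inet proto tcp from any to $server port $services keep state
```

Because the decision is stored per state at connection setup, it does not depend on the default gateway, source tagging, or sticky connections: each state remembers its own return path, which is the behaviour the posts describe wanting. A quick check after loading such rules is to open a connection through each WAN and confirm with `pfctl -ss` that the corresponding state entry lists the expected reply-to interface and gateway.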