OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of metaplop »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - metaplop

Pages: [1]
1
General Discussion / Re: Multi-wan and port-forward to one server
« on: February 01, 2021, 12:46:30 am »

Hello, yes two connections have their own ip let's say 1.2.3.4 and 5.6.7.8 and the server 192.168.0.1. I want that fw-wan-1 port-forward pubip1 1.2.3.4:80 to server 192.168.0.1:80 and that fw-wan-2 port-forward pubip2 5.6.7.8:80 to the same server 192.168.0.1:80

Port forward works but reply packets are sent to only fw-wan-2. I want that server's reply to incoming connection from fw-van-1 go to fw-wan-1 and that reply from incoming connection from fw-wan-2 go to fw-wan-2.

In other words: i want some services (http or smtp for example) to be reachable from two different public ips coming from two isp but served by the same server.


2
General Discussion / Multi-wan and port-forward to one server
« on: January 28, 2021, 06:12:21 pm »
Hello, I have 2 WAN connections (handled by 2 different opnsenses cluster in different buildings, ie 4 opnsenses in 2 clusters) and a DMZ handled but another opnsense cluster. I would like to make a port-forward from both WAN connections to the same server:

Code: [Select]
   pubip1                                        pubip2
 -----------                                  -----------
 |  ISP-1  |                                  |  ISP 2  |
 -----------                                  -----------
      |                                            |
 ------------          -------------          ------------
 | FW-WAN-1 |----------| FW-DMZ-IN |----------| FW-WAN-2 |
 ------------   vlan1  -------------   vlan2  ------------
                             | vlan10
                        ------------
                        |  SERVER  |
                        ------------
I can enter from both pubip to the server (port forward OK on WAN openses) but reply (ack packet) goes only to one connexion (to vlan2 in my case).

I tried to play with Sticky connexions, States by interface. I also tried to set local tag on vlan1 incoming packet on FW-DMZ-IN to match reply packets and add a policy routing rule but it seems to be ignored.

Is it possible to do that ? Does anyone has tips ?

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2