Messages

Get my answer , tricky :

i have to "MARK" my incoming packet on ISP2 incoming rule (FW_ISP2_VLAN)

i have to create a rule "OUT" on internal server interface (FW_INTERNAL_SERVERVLAN), which match "MARK" (and any for all), and place REPLY-TO to ISP2 gateway, with keep state (advance parameters)

Hi,

maybe it's an stupid idea :

i have 2 isp (with both some ip) , and 1 server that i want to be join "by both ways" (backup idea)

i configure 2 GW and a group gateway (working, if i drop a connection, i can still "surf" , my pub ip change according to isp)

i register dns for both public IP : OK , dns respond both IP , client will use "both IP" and if 1 isp fail, clients will check other IPs so they will connect after a timeout (some browser are more "quick" to alternate ...)

i configure port forward from both public IP to internal server

i got an erratic connexion

my problem is that i can only reach "main ISP" forward (i test by forcing 2 test domain , 1 on each ip)
the "backup ISP" configuration not working

log of opnsense tell me it's fine ...
tcpdump on the server let me view packet from the "backup ISP"

if i drop "main ISP GW" (just desactivate it) , the "backup ISP" access to server to life *tada*

So i guess it's a "return path" problem when i come through "not mainstream"

i'm sure i'm missing something "evident" , but i'm going to become mad

Maybe a clue ?

Thx