Messages - HenrikHenkel

#1
Hi. Sorry for the late response.

The firewall rule and alias look exactly like mine...

Might sound stupid, but did you synchronize the changes to your second firewall?
#2
I tried it last weekend and it seems like the problem is solved for me.

Kinda feel stupid now, because it should have been obvious from the start to exclude ALL subnets that don't belong on a WAN network from this firewall rule...
#3
So 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, right?

Try to add 224.0.0.0/24, 239.255.0.0/16, 239.192.0.0/14 to the alias.
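As an added example (not code from the thread or from OPNsense), the following Python script checks whether the alias contents proposed above actually cover the destinations that mDNS, SSDP and LLMNR use, and audits a few constructed flow records for traffic that would leave on a WAN interface toward a destination the block rule should catch. The flow records, interface names and the `audit_wan_flows`/`matches_alias` helpers are assumptions made for this example; the CIDR list itself is the one discussed in the posts.

```python
import ipaddress
from typing import List, Tuple

# Alias contents as discussed in the thread: RFC 1918 private ranges plus the
# multicast ranges suggested for the WAN block rule.  IPv4 only, so IPv6
# multicast (e.g. mDNS on ff02::fb) would need a separate alias.
NON_WAN_DESTINATIONS = [
    "10.0.0.0/8",
    "172.16.0.0/12",
    "192.168.0.0/16",
    "224.0.0.0/24",     # local network control block (mDNS 224.0.0.251, LLMNR 224.0.0.252)
    "239.255.0.0/16",   # local/site-local scope (SSDP 239.255.255.250)
    "239.192.0.0/14",   # organization-local scope
]

NETWORKS = [ipaddress.ip_network(n) for n in NON_WAN_DESTINATIONS]

# Well-known multicast destinations a practitioner would expect the alias to cover.
EXPECTED_COVERED = {
    "mDNS": "224.0.0.251",
    "LLMNR": "224.0.0.252",
    "SSDP": "239.255.255.250",
}

Flow = Tuple[str, str, str, str, int]  # (interface, proto, src, dst, dport)

# Constructed sample flows (not real captures): what a leak would look like
# next to ordinary traffic.  Interface names are assumed.
SAMPLE_FLOWS: List[Flow] = [
    ("wan",  "udp", "192.168.10.20", "224.0.0.251",     5353),  # mDNS leaked to WAN
    ("wan",  "udp", "192.168.10.21", "239.255.255.250", 1900),  # SSDP leaked to WAN
    ("wan",  "tcp", "192.168.10.22", "203.0.113.10",    443),   # normal internet traffic
    ("lan",  "udp", "192.168.10.20", "224.0.0.251",     5353),  # mDNS on LAN, expected
    ("wan2", "udp", "192.168.10.23", "224.0.0.252",     5355),  # LLMNR leaked to second WAN
]


def matches_alias(dst: str, networks=NETWORKS) -> bool:
    """True if the destination falls inside any network of the alias."""
    addr = ipaddress.ip_address(dst)
    return any(addr in net for net in networks)


def uncovered_services(expected=EXPECTED_COVERED, networks=NETWORKS) -> List[str]:
    """Names of the well-known services whose destination the alias would NOT match."""
    return [name for name, dst in expected.items() if not matches_alias(dst, networks)]


def audit_wan_flows(flows: List[Flow]) -> List[Flow]:
    """Return flows leaving on a WAN interface whose destination the alias should block."""
    return [f for f in flows if f[0].startswith("wan") and matches_alias(f[3])]


if __name__ == "__main__":
    gaps = uncovered_services()
    print("alias gaps:", gaps or "none")
    for iface, proto, src, dst, dport in audit_wan_flows(SAMPLE_FLOWS):
        print(f"LEAK {iface} {proto} {src} -> {dst}:{dport}")
```

Running it reports no gaps for the three services and flags the three multicast flows on `wan`/`wan2` while leaving the HTTPS flow and the LAN-side mDNS alone, which is the behaviour to expect from the block rule once it is applied to every WAN interface on both nodes.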
#4
How did you configure multi WAN? Firewall rule with redirect gateway?
#5
Yes, my second ISP is Vodafone.
The main WAN is Telekom, no problems there.

Actually it came to my mind, there is a firewall rule that could be the culprit... Because I'm using load-balancing, there's a firewall rule that splits traffic to both WAN interfaces.
I will be on-site on Saturday and will check whether this causes the problem. (Although, if it is... Then it should be on both WAN interfaces, right?)

Do you use load-balancing or just failover?
#6
@aeschma

Yes, I actually do have 2 WAN connections for failover. But those also have their own interfaces.

No firewall rules that should relay this traffic.
The other WAN does not have this problem.
#7
There are no VLANs configured. All dumb switches.

Each network has its own interface in OPNsense.
#8
Well... That's unfortunate.

In my setup there is mDNS and SSDP traffic leaking from LAN to the WAN side.
No mDNS repeater setup, no special NAT rules, not even VLANs.

I also tried blocking this traffic with firewall rules, but it seems to only affect about 80% of the packets. Some still get through to the WAN interface and cause a broadcast/multicast loop.
#9
I'm running into the same problem. Same setup as you, IP range from Vodafone on WAN. Using CARP to share 1 public IP between both routers.

Does setting them to "isolated network" mess with the CARP setup? Have you tested failover?