OPNsense Forum » Archive » 21.7 Legacy Series » POSSIBLE BUG FOUND: Multiwan reply path issues
Topic: POSSIBLE BUG FOUND: Multiwan reply path issues (Read 1557 times)
rjdza
Newbie
Posts: 14
Karma: 0
POSSIBLE BUG FOUND: Multiwan reply path issues
« on: September 16, 2021, 03:49:38 pm »
Hi all. I have three WAN links, Link A (LA), Link B (LB), and Link C (LC).
LA gives me a public IP address range.
LB gives me a public address range.
LC has a single public IP on the provider's hardware, and an RFC1918 IP on the inside (we use 10.0.0.0/24)
I have LA set as my default gateway. I can connect to my LA firewall IP address with no problems. I can connect to my LB firewall IP address with no problems. I cannot connect to the catchall LC IP address at all.
If I make LB my default gateway, then I can connect to my LA firewall IP address with no problems. I can connect to my LB firewall IP address with no problems. I still cannot connect to the catchall LC IP address at all.
If I make LC my default gateway, then I can NOT connect to my LA firewall IP address. I can NOT connect to my LB firewall IP address. I now CAN connect to the catchall LC IP address with no difficulty.
I have some ports forwarded to other hosts inside my DMZ, Linux machines, and the Linux boxes can accept connections to all IP addresses all the time.
(There are actually 4 firewalls in a failover configuration using CARP, but to figure this problem out I've reinstalled 2 of them and they have no other configuration at all. Only putting this here in case I reference things that seem to make no sense later on.)
EDIT: Forgot to mention that traffic dumps show traffic that should be going out LC gets routed out over the default gw, while LA and LB traffic always goes out the correct gateway. LA and LB are fibre links, while LC is a radio link. Unsure about LA and LB, but LC definitely uses a Mikrotik as gw device (I believe that LA and LB also use Mikrotiks, but am unsure).
Also forgot to mention that the firewalls connect to each WAN link using its own dedicated VLAN - providers do not share an interface. The switch used to be a 3COM, but is now a Mikrotik Cloud Switch (although, IIRC, we had the same problem when we were using an old Netgear switch).
« Last Edit: September 17, 2021, 07:10:30 am by rjdza »
rjdza
Newbie
Posts: 14
Karma: 0
Re: Multiwan reply path issues
« Reply #1 on: September 16, 2021, 09:30:40 pm »
I have found a workaround. If I change related firewall rules to include setting the reply-to to the interface name, everything works as expected.
I think this is a bug, as reply-to should automatically be set unless disabled, and I have not disabled it on my setup. (If this is a bug, it applies to pfSense too.)
How do I go about determining if I need to log this as a bug?
tx
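To make the workaround concrete, here is an added pf.conf example (hand-written for this thread, not from the post or from OPNsense's generated ruleset) showing the same WAN rule without and with reply-to. Interface name vlan30, the Mikrotik gateway 10.0.0.1 and the firewall's LC address 10.0.0.2 are assumptions; the post only states that LC uses 10.0.0.0/24 on the inside.

```pf
# Added example, not the poster's or OPNsense's own rules.
# Assumed: vlan30 carries LC, 10.0.0.1 is the Mikrotik on the LC side,
# 10.0.0.2 is the firewall's LC-side address.

# Without reply-to: the state is created on vlan30, but the SYN-ACK and every
# later reply packet is forwarded by the routing table, i.e. out the default
# gateway (LA). This matches the symptom in the thread: LC only answers when
# LC itself is the default gateway.
pass in quick on vlan30 inet proto tcp from any to 10.0.0.2 port 443 \
    flags S/SA keep state

# With reply-to: replies for this state are sent back out vlan30 to 10.0.0.1
# regardless of the routing table, which is what OPNsense normally adds to
# WAN rules unless reply-to has been disabled in the firewall settings.
pass in quick on vlan30 reply-to ( vlan30 10.0.0.1 ) inet proto tcp \
    from any to 10.0.0.2 port 443 flags S/SA keep state
```

To check which variant is actually loaded, `pfctl -sr | grep vlan30` shows the active rules for that interface and whether the `reply-to` clause is present.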