WAN Interface, Direct traffic not happening

Started by rvalle, July 04, 2022, 06:57:12 PM

Hi!

We have 2 routers in the same /27 public subnet. They deal with different things: public services / workplace internet access.

Both have static IP addresses in the same subnet.

For some reason our opnsense router will not just send traffic to the other one directly, but instead it is routed across 3 hops. And the hops are not even the default gateway of the interface.

I have absolutely no idea what is going on.

Static IP, netmask and default gateway are all set up OK.

The generated routes also seem to be perfect: there is a route for the public network/27 with link#2 as gateway, which is the WAN ethernet.

The upstream link is fiber of significantly lower rate.

I was wondering if there may be some automatic gateway protocol (BGP?) or something, tweaking my setup without my understanding.

Any idea about what could be going on?

Would you mind drawing this up with some more information? It's hard to understand who's talking to whom.

Well, the wan interfaces of the 2 routers will not talk to each other directly, despite their public IPs being on the same IP segment.

I have thought about the situation, after noticing that the correct routing rules and gateways are in place.

I thought that this has to be happening at ARP level, so I searched around and found out about ARP-spoofing.

So I traced traffic in the public segment and there it is clear like crystal.

My own fiber provider is spoofing my ARP traffic, I guess in an effort to stop neighbors from attacking each other or something similar.

I wonder if there is a static-ARP feature in opnsense to freeze at least our main public IPs.
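
The ARP-level symptom described in this thread can be checked from the router's own neighbour table. The following is an added example, not part of the original posts: it parses FreeBSD-style `arp -an` output (the format OPNsense prints) and lists same-subnet WAN neighbours whose entry carries the gateway's MAC. It assumes the spoofed replies carry the upstream gateway's MAC, which the thread does not state; the interface names, addresses and MACs are constructed documentation values.

```python
import ipaddress
import re

# Matches FreeBSD/OPNsense `arp -an` lines, e.g.
# ? (203.0.113.1) at 00:00:5e:00:53:01 on igb0 expires in 1187 seconds [ethernet]
ARP_LINE = re.compile(
    r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-fA-F:]{17}) on (?P<ifname>\S+)"
)

# Constructed sample output (documentation addresses and MACs, not from the thread).
SAMPLE_ARP = """\
? (203.0.113.1) at 00:00:5e:00:53:01 on igb0 expires in 1187 seconds [ethernet]
? (203.0.113.10) at 00:00:5e:00:53:aa on igb0 permanent [ethernet]
? (203.0.113.11) at 00:00:5e:00:53:01 on igb0 expires in 655 seconds [ethernet]
? (203.0.113.12) at (incomplete) on igb0 expired [ethernet]
? (192.168.1.20) at 00:00:5e:00:53:01 on igb1 expires in 90 seconds [ethernet]
"""


def parse_arp(text):
    """Return {(ifname, ip): mac} for resolved entries; incomplete ones are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[(m["ifname"], ipaddress.ip_address(m["ip"]))] = m["mac"].lower()
    return table


def neighbours_behind_gateway(text, wan_if, subnet, gateway):
    """List on-link WAN neighbours whose ARP entry carries the gateway's MAC."""
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    table = parse_arp(text)
    gw_mac = table.get((wan_if, gw))
    if gw_mac is None:
        raise ValueError("gateway has no resolved ARP entry on " + wan_if)
    return sorted(
        str(ip)
        for (ifname, ip), mac in table.items()
        if ifname == wan_if and ip in net and ip != gw and mac == gw_mac
    )


if __name__ == "__main__":
    hits = neighbours_behind_gateway(SAMPLE_ARP, "igb0", "203.0.113.0/27", "203.0.113.1")
    for ip in hits:
        print(f"{ip} resolves to the gateway MAC: traffic to it leaves via the upstream")
```
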