Topic: 2 ISP / Port Forward messed up (Read 1932 times)
Haruspice (Newbie, Posts: 2, Karma: 0)
« on: June 01, 2023, 04:28:45 pm »
Hi,
Maybe it's a stupid idea:
I have 2 ISPs (both with some IPs), and 1 server that I want to be reachable "by both ways" (backup idea).
I configured 2 GWs and a gateway group (working: if I drop a connection, I can still "surf", and my public IP changes according to the ISP).
I registered DNS for both public IPs: OK, DNS responds with both IPs, clients will use "both IPs", and if 1 ISP fails, clients will check the other IPs, so they will connect after a timeout (some browsers are "quicker" to alternate ...).
I configured port forwards from both public IPs to the internal server.
I got an erratic connection.
My problem is that I can only reach the "main ISP" forward (I tested by forcing 2 test domains, 1 on each IP).
The "backup ISP" configuration is not working.
The OPNsense log tells me it's fine ...
tcpdump on the server lets me see packets from the "backup ISP".
If I drop the "main ISP GW" (just deactivate it), the "backup ISP" access to the server comes to life *tada*.
So I guess it's a "return path" problem when I come in through the "not mainstream" one.
I'm sure I'm missing something "evident", but I'm going mad.
Maybe a clue?
Thx

Haruspice (Newbie, Posts: 2, Karma: 0)
Re: 2 ISP / Port Forward messed up
« Reply #1 on: June 02, 2023, 09:07:51 am »
Got my answer, tricky:
I have to "MARK" my incoming packets in the ISP2 incoming rule (FW_ISP2_VLAN).
I have to create an "OUT" rule on the internal server interface (FW_INTERNAL_SERVERVLAN), which matches the "MARK" (and any for all), and set REPLY-TO to the ISP2 gateway, with keep state (advanced parameters).
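
The two rules described in Reply #1, written out as a hand-made pf.conf fragment. This is an added example, not part of the original posts and not the ruleset OPNsense generates from the GUI. The interface names, addresses, port and the tag name FROM_ISP2 are assumptions made up for illustration.

```pf
# Constructed values (documentation address ranges); none come from the thread.
isp2_if    = "vlan0102"        # stands in for FW_ISP2_VLAN
srv_if     = "vlan0110"        # stands in for FW_INTERNAL_SERVERVLAN
isp2_gw    = "198.51.100.1"    # ISP2 next hop (assumed)
isp2_pubip = "198.51.100.10"   # public IP forwarded from ISP2 (assumed)
server     = "192.168.10.10"   # internal server (assumed)
svc_port   = "443"             # forwarded service port (assumed)

# Port forward on ISP2: translate the public address to the internal server.
rdr on $isp2_if inet proto tcp from any to $isp2_pubip port $svc_port \
    -> $server port $svc_port

# Rule 1 (the "MARK"): tag connections as they enter on the ISP2 interface.
# The tag stays on the packet while it is forwarded to the server VLAN.
pass in quick on $isp2_if inet proto tcp \
    from any to $server port $svc_port \
    tag FROM_ISP2 keep state

# Rule 2 (the "OUT" rule): on the server-facing interface, match only
# packets carrying the tag. reply-to attaches the ISP2 gateway to the state
# created here, so the server's answers on this connection are sent back
# via ISP2 instead of following the default (main ISP) route.
pass out quick on $srv_if reply-to ($isp2_if $isp2_gw) inet proto tcp \
    from any to $server port $svc_port \
    tagged FROM_ISP2 keep state
```

To check the result the same way the first post did, run tcpdump on the ISP2 interface while connecting to the ISP2 public IP and confirm that the server's replies leave there rather than on the main ISP interface.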