2 OPNsenses same WAN network Broadcast Flood

Started by aeschma, May 05, 2024, 12:24:16 AM

Previous topic - Next topic
Print
Go Down Pages 1 2 3
User actions
May 28, 2024, 02:34:13 PM #15
...you had me at "MDNS"....
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
May 28, 2024, 03:07:44 PM #16
You have a Multi WAN Setup?
May 28, 2024, 03:11:57 PM #17 Last Edit: May 28, 2024, 04:06:04 PM by aeschma
Is there the possibility that a Firewal rule relay DHCP or DNS traffic to the WAN interface?

EDIT:

Hope this was the solution for me. Testing at the moment ....

EDIT 2:
Sadly not the solution :(. Have a floating rule which allows dhcp,dns,ntp .... to "this firewall" for all local networks. Deactivated the rule, but broadcast flood coming in ...
June 03, 2024, 09:02:18 AM #18
@aeschma

Yes, I actually do have 2 WAN connections for failover. But those also have their own interfaces.

No firewall rules that should relay this traffic.
The other WAN does not have this problem.
June 03, 2024, 01:38:08 PM #19
Same Setup here ....

But I can't use my second WAN for HA. Second WAN is DHCP only. So second WAN is configured on both OPNsenses but only plugged into one Sense.... on the other is the interface offline.

Your ISP is also Vodafone? If so, do you think it could be an Vodafone issue?
June 03, 2024, 03:47:37 PM #20
Yes, my second ISP is Vodafone.
The main WAN is Telekom, no problems there.

Actually it came to my mind, there is a firewall rule that could be the culprit... Because I'm using load-balancing, there's a firewall rule that splits traffic to both WAN interfaces.
I will be on-site on Saturday and will check whether this causes the problem. (Although, if it is... Then it should be on both WAN interfaces, right?)

Do you use load-balancing or just failover?
June 03, 2024, 04:25:40 PM #21
Yes, I use Load Balancing too.

That's why I asked, but if it was due to Load Balancing, both connections would have to be affected.

I remember a forum post where someone successfully runs HA with Vodafone Cable. So there must exist an solution ....
June 04, 2024, 12:05:04 PM #22
How did you configure multi WAN? Firewall rule with redirect gateway?
June 05, 2024, 07:37:37 AM #23
Yes. I have an RFC1918 Alias, which I use to route the public traffic to a Gateway-Group.
June 05, 2024, 09:05:18 AM #24
So 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, right?

Try to add 224.0.0.0/24, 239.255.0.0/16, 239.192.0.0/14 to the alias.
June 05, 2024, 09:32:04 AM #25
Ok, I will try it. I can't try it until the weekend because I won't be back before then. I will write you.
June 10, 2024, 11:14:57 AM #26
I tried it last weekend and it seems like the problem is solved for me.

Kinda feel stupid now, because it should have been obvious from the start to exclude ALL subnets from this firewall rule, that don't belong on a WAN network...
June 10, 2024, 03:25:18 PM #27
Good to hear it's working for you. Sadly dosen't work for me :(

Here is my alias and firewall rule.
June 14, 2024, 02:21:15 PM #28
Hi. Sorry for the late response.

The firewall rule and alias look exactly like mine...

Might sound stupid, but did you synchronize the changes to your second firewall?
June 14, 2024, 03:13:04 PM #29
Yes, both Firewalls are synchonized. I even restarted the firewalls afterwards.
Print
Go Up Pages 1 2 3
User actions