Local LAN traffic going through WAN instead of LAN? Syncthing/immich etc

Started by mbc0, August 27, 2024, 04:39:37 PM

Hi,

I am a new user so probably something obvious, but I keep revisiting this problem and now I really need to fix it due to needing to transfer terabytes of data.

I have a local LAN 192.168.0.0/24 and many dockers and several servers all running on it.

For example I have immich & syncthing all local on the LAN

If I try to upload to any of them I am using my WAN connection? How can I make my local dockers etc. use the LAN instead?

Many thanks!!


It's been a while since I last used syncthing. But you need to change the default config to keep traffic local. If I remember correctly, one needs to disable global discovery. But it's best to check the syncthing forums. This is a recurring issue.

Hi!
Thanks for your reply. If I disable relaying (basically force local on Syncthing), it never connects. I have 2 Syncthing instances on 2 different Unraid servers with the same issue.

Also. I have this issue with nextcloud and immich.

If I restore my old Sophos installation instead of OPNsense, everything works as it should on the LAN, so I know it is a setting that I am missing on OPNsense somewhere.

I have 2 local unraid servers and I am trying to use syncthing on both of them.  They are on the same subnet and IP Range. (192.168.0.33 & 192.168.0.62)

They will only sync using Relay WAN. If I disable the Relay WAN option on either of the servers, they lose connection and never connect using LAN.

I read about a UDP Broadcast Relay Plugin but can anyone confirm if that would be needed?  I would have thought I would be able to communicate to 2 local LAN servers without needing a plugin?

I have no VLANs, just WAN & LAN interfaces.

Thank you!

Quote from: mbc0 on August 27, 2024, 06:07:33 PM
If I restore my old Sophos installation instead of OPNsense, everything works as it should on the LAN, so I know it is a setting that I am missing on OPNsense somewhere.

If you disable reflection and stop pointing things at your WAN's hostname which resolves to your WAN IP, while those services are on your LAN in fact, the LAN <-> LAN packets will flow across the switches and will not hit your OPNsense WAN - and not even LAN - at all.

The reflection hack is doing exactly what it should. You point things to WAN - they go through your router's WAN and then back to LAN. Stupid? Yes, the reflection is a stupid concept.
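
Added example, not part of any post in this thread: a small Python check that classifies where a LAN client's traffic will go based on the address configured in each application, which is the distinction the reply above draws between pointing at a LAN address and pointing at a name that resolves to the WAN IP. The WAN IP, hostnames, DNS answers and target list are constructed for illustration; only the 192.168.0.0/24 subnet and the two server addresses come from the thread, and 22000 is Syncthing's default listen port.

```python
import ipaddress
from urllib.parse import urlsplit

LAN = ipaddress.ip_network("192.168.0.0/24")   # LAN subnet from the thread
WAN_IP = ipaddress.ip_address("203.0.113.10")  # constructed placeholder (TEST-NET-3)

# Constructed DNS answers, embedded so the example runs offline.
DNS = {
    "photos.example.net": "203.0.113.10",   # public name -> firewall WAN IP
    "unraid2.lan.example": "192.168.0.62",  # internal name -> LAN IP
}

def resolve(host, dns=DNS):
    """Return the IP a client would connect to: a literal IP or a DNS answer."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return ipaddress.ip_address(dns[host])

def classify(client_ip, target_url, lan=LAN, wan_ip=WAN_IP, dns=DNS):
    """Classify the path from a LAN client to the address configured in an app."""
    client = ipaddress.ip_address(client_ip)
    if client not in lan:
        raise ValueError(f"{client} is not a LAN client")
    dst = resolve(urlsplit(target_url).hostname, dns)
    if dst in lan:
        return "on-link"      # ARP + switch only; the firewall never sees it
    if dst == wan_ip:
        return "reflection"   # sent to the gateway, NATed back into the LAN
    return "routed"           # leaves through the gateway towards the internet

def audit(client_ip, targets):
    """Return {name: path} for every configured target that is not on-link."""
    paths = {name: classify(client_ip, url) for name, url in targets.items()}
    return {name: path for name, path in paths.items() if path != "on-link"}

# Constructed client configuration for the host 192.168.0.33.
TARGETS = {
    "syncthing-peer": "tcp://192.168.0.62:22000",
    "immich": "https://photos.example.net",
    "nas": "https://unraid2.lan.example:8443",
}

if __name__ == "__main__":
    for name, path in audit("192.168.0.33", TARGETS).items():
        print(f"{name}: {path}")
```

Any entry the audit reports is a client setting to change (or a name to override in local DNS) so that it resolves to the service's LAN address.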

Quote from: doktornotor on August 28, 2024, 10:32:22 AM
Quote from: mbc0 on August 27, 2024, 06:07:33 PM
If I restore my old Sophos installation instead of OPNsense, everything works as it should on the LAN, so I know it is a setting that I am missing on OPNsense somewhere.

If you disable reflection and stop pointing things at your WAN's hostname which resolves to your WAN IP, while those services are on your LAN in fact, the LAN <-> LAN packets will flow across the switches and will not hit your OPNsense WAN - and not even LAN - at all.

The reflection hack is doing exactly what it should. You point things to WAN - they go through your router's WAN and then back to LAN. Stupid? Yes, the reflection is a stupid concept.

Thank you so much for your reply!

I have disabled the "Stupid" reflection but still all my LAN traffic is going through WAN?  If I use Sophos or my Vodafone Router all traffic goes through the LAN as expected.  I must have done something even more stupid than reflection! :-D  Is there another setting somewhere that I have missed? I have rebooted also.

Again, thanks for your help!


Regardless of why OPNsense use or not, I'd say tools like traceroute or mtr are pretty straightforward and show the hops across which the packets flow. If syncthing or whatever else does something different with no VLANs in place, it's most likely misconfigured.

I no longer use syncthing but as noted above - it has knobs for related settings. Never heard about immich, no idea.

Thanks again for your replies!

OK, I will restart OPNsense from scratch. I don't recall making any changes from install other than enabling NAT reflection, but will see how it goes!