Project

General

Profile

Actions

Regression #11436

closed

State matching problem with reponses to packets arriving on non-default WANs

Added by Grzegorz Krzystek almost 4 years ago. Updated over 3 years ago.

Status:
Resolved
Priority:
Very High
Category:
Rules / NAT
Target version:
Start date:
02/17/2021
Due date:
% Done:

100%

Estimated time:
Release Notes:
Default
Affected Plus Version:
Affected Architecture:
All

Description

I have quite specific multiwan setup
WAN (symmetric pppoe) port forward for ssh to lan (rpi)
WAN2 (symmetric commercial link over vlan) a lot port forwards to DMZ_LAN

LAN have clasical failover to "prefer PPPOE link over WAN2"
DMZ_LAN have all outgoing traffic set to go via "WAN2_GATEWAY"

Default gateway for pfsense is set to "prefer PPPOE link over WAN2"

now the problem is that after update to 21.02 all port forwards on WAN2 interface stopped working.
only way to make them work is to switch pfsense default gateway to wan2 , but then portforwards stops working on WAN...


Files

config-castor.ninex.info-20210322144941.xml (139 KB) config-castor.ninex.info-20210322144941.xml Grzegorz Krzystek, 03/22/2021 08:54 AM
config-pfsense.netech.local-20210321101619.xml (1.12 MB) config-pfsense.netech.local-20210321101619.xml Rick Strangman, 03/22/2021 04:43 PM
LAN_to_Bad_WAN.cap (1.11 KB) LAN_to_Bad_WAN.cap Wireshark Rick Strangman, 03/27/2021 11:29 PM
pfSense.PNG (24.7 KB) pfSense.PNG Virtual buildout Grant Derhofer, 03/31/2021 12:43 PM
Actions

Also available in: Atom PDF