Weird Routing Issue
dan_j
I've got 2 pfSense servers set up with six NICs each in a failover setup.
Both servers have:
1: uplink from ISP (range 95.XXX.XXX.188/29) - all inbound traffic is routed to virtual IP 95.XXX.XXX.190 by the datacentre provider
2: link 1 to internal switch 1 (publicly addressable IP addresses 212.XXX.XXX.126/26)
3: link 2 to internal switch 2 (publicly addressable IP addresses 212.XXX.XXX.126/26)
4: link 1 to private traffic switch (private IP range 10.70.XXX.0/24)
5: link 2 to private traffic switch (private IP range 10.70.XXX.0/24)
6: sync traffic connected directly to each server
Link 1 is assigned to the WAN interface
Links 2 and 3 are assigned to a virtual IP and the PUBLICLAN interface
Links 4 and 5 are assigned to a virtual IP and the PRIVATELAN interface
Any idea why I'm seeing the following in my firewall logs?
I don't understand why established traffic is being treated as 'from the firewall host itself' and being placed under the PUBLICLAN interface rules.
ALLOWED Nov 14 20:51:05 PUBLICLAN [let out anything IPv4 from firewall host itself] (1000006863) 78.XXX.XXX.85:33520 -> 212.XXX.XXX.120:4004 TCP:S
I'm concerned because all my rules are set up on WAN. Everything outbound from the 212 range is allowed.
I think it's a routing issue?
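As an added illustration (not part of the post above, and not pfSense code), the script below models the topology the post describes and classifies the logged flow. It builds a route table from the three interface subnets, does a longest-prefix match for the packet's source and destination to find the expected ingress and egress interfaces, and separately checks whether the source address is one of the firewall's own addresses. The two questions are independent: a flow can leave via PUBLICLAN without being sourced by the firewall. All addresses are constructed placeholders standing in for the XXX octets in the post, and the interface names and CARP VIP assignments follow the post's description.

```python
import ipaddress

# Constructed stand-in addresses: the post masks octets with XXX, so these
# values are placeholders chosen only to keep the prefixes consistent.
INTERFACES = {
    "WAN":        ("95.0.0.189/29",  "95.0.0.190"),   # link 1, VIP .190 (from the post)
    "PUBLICLAN":  ("212.0.0.126/26", "212.0.0.126"),  # links 2 and 3
    "PRIVATELAN": ("10.70.0.1/24",   "10.70.0.1"),    # links 4 and 5
}
DEFAULT_ROUTE_IFACE = "WAN"   # assumption: default gateway is via the ISP uplink


def build_routes(interfaces):
    """Derive (network, interface) connected routes from interface addresses."""
    return [(ipaddress.ip_interface(cidr).network, name)
            for name, (cidr, _vip) in interfaces.items()]


def firewall_addresses(interfaces):
    """All addresses the firewall itself answers on (interface IPs and VIPs)."""
    addrs = set()
    for cidr, vip in interfaces.values():
        addrs.add(ipaddress.ip_interface(cidr).ip)
        addrs.add(ipaddress.ip_address(vip))
    return addrs


def lookup(routes, addr):
    """Longest-prefix match over the connected routes, else the default route."""
    addr = ipaddress.ip_address(addr)
    best = None
    for net, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else DEFAULT_ROUTE_IFACE


def classify_flow(interfaces, src, dst):
    """Report where a packet is expected to enter and leave, and whether the
    firewall itself is the source (as opposed to forwarding someone else's packet)."""
    routes = build_routes(interfaces)
    own = firewall_addresses(interfaces)
    origin = "firewall-originated" if ipaddress.ip_address(src) in own else "forwarded"
    return {
        "origin": origin,
        "ingress": lookup(routes, src),   # interface whose subnet covers the source
        "egress": lookup(routes, dst),    # interface the packet leaves through
    }


if __name__ == "__main__":
    # The flow from the post's log line, with placeholder octets.
    print(classify_flow(INTERFACES, "78.0.0.85", "212.0.0.120"))
    # A flow the firewall really does originate itself.
    print(classify_flow(INTERFACES, "212.0.0.126", "203.0.113.10"))
```

For the logged flow the model reports `forwarded`, ingress `WAN`, egress `PUBLICLAN`: the packet is admitted by the WAN rules and then leaves through PUBLICLAN, so an outbound log entry tagged with that interface is consistent with a forwarded connection rather than with the firewall sourcing the traffic. The source-address check is the part worth keeping as a detection aid: an entry whose source is one of the firewall's own addresses is a different event from a forwarded packet and should be reviewed separately.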