Weird Routing Issue

    Hi,

    I've got 2 pfSense servers set up with six NICs each in a failover setup.

    Both servers have:
    1: uplink from ISP (range 95.XXX.XXX.188/29) - all inbound traffic is routed to virtual IP 95.XXX.XXX.190 by the datacentre provider
    2: link 1 to internal switch 1 (publicly addressable IP addresses 212.XXX.XXX.126/26)
    3: link 2 to internal switch 2 (publicly addressable IP addresses 212.XXX.XXX.126/26)
    4: link 1 to private traffic switch (private IP range 10.70.XXX.0/24)
    5: link 2 to private traffic switch (private IP range 10.70.XXX.0/24)
    6: sync traffic connected directly to each server

    Link 1 is assigned to the WAN interface
    Links 2 and 3 are assigned to a virtual IP and the PUBLICLAN interface
    Links 4 and 5 are assigned to a virtual IP and the PRIVATELAN interface

    Any idea why I'm seeing the following in my firewall logs?

    I don't understand why established traffic is being treated as 'from the firewall host itself' and being placed under the PUBLICLAN interface rules.

    ALLOWED Nov 14 20:51:05 ► PUBLICLAN let out anything IPv4 from firewall host itself (1000006863) 78.XXX.XXX.85:33520 212.XXX.XXX.120:4004 TCP:S

    I'm concerned because all my rules are set up on WAN. Everything outbound from the 212 range is allowed.

    I think it's a routing issue?
    Many thanks
    Dan
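As an added example (not part of Dan's post, and not pfSense's own code), the following parser reads firewall log lines in the shape of the entry quoted above and picks out hits on a "from firewall host itself" rule whose source address is not one of the firewall's own addresses, which is exactly the kind of entry the post is asking about. It also reports whether the TCP flags field is a bare SYN (pfSense logs the TCP flags after the protocol, so `TCP:S` is a SYN with no ACK). The sample lines and the firewall address list are constructed for the example using RFC 5737 documentation ranges; they are not the poster's real addresses.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample log in the same layout as the entry quoted in the post.
# Addresses are RFC 5737 documentation ranges, not the poster's networks.
SAMPLE_LOG = """\
ALLOWED Nov 14 20:51:05 ► PUBLICLAN let out anything IPv4 from firewall host itself (1000006863) 198.51.100.85:33520 203.0.113.120:4004 TCP:S
ALLOWED Nov 14 20:51:06 ► PUBLICLAN let out anything IPv4 from firewall host itself (1000006863) 203.0.113.126:53021 192.0.2.10:53 UDP
ALLOWED Nov 14 20:51:07 ► WAN Allow web to 203.0.113.120 (1000000103) 198.51.100.85:33521 203.0.113.120:443 TCP:S
BLOCKED Nov 14 20:51:08 ► WAN Default deny rule IPv4 (1000000104) 198.51.100.7:4444 203.0.113.120:22 TCP:S
"""

# Assumed addresses owned by the firewall itself (constructed stand-ins for the
# WAN virtual IP and the PUBLICLAN address described in the post).
FIREWALL_ADDRS = ("192.0.2.190", "203.0.113.126")

# Substring pfSense uses in the name of its automatic "let out anything from
# firewall host itself" rules.
SELF_RULE_MARKER = "from firewall host itself"

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    r"^(?P<action>ALLOWED|BLOCKED)\s+"
    r"(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?:[►>]\s+)?"                                  # arrow glyph from the GUI view, optional
    r"(?P<iface>\S+)\s+"
    r"(?P<rule>.+?)\s+\((?P<rule_id>\d+)\)\s+"       # rule description then (rule id)
    rf"(?P<src>{IPV4}):(?P<sport>\d+)\s+"
    rf"(?P<dst>{IPV4}):(?P<dport>\d+)\s+"
    r"(?P<proto>[A-Z]+)(?::(?P<flags>[A-Z]+))?\s*$"   # TCP:S, TCP:PA, UDP, ...
)


@dataclass(frozen=True)
class Entry:
    action: str
    timestamp: str
    iface: str
    rule: str
    rule_id: int
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    proto: str
    flags: str  # empty for non-TCP entries


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for lines that do not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        action=m["action"],
        timestamp=m["ts"],
        iface=m["iface"],
        rule=m["rule"],
        rule_id=int(m["rule_id"]),
        src=ipaddress.IPv4Address(m["src"]),
        sport=int(m["sport"]),
        dst=ipaddress.IPv4Address(m["dst"]),
        dport=int(m["dport"]),
        proto=m["proto"],
        flags=m["flags"] or "",
    )


def parse_log(text: str) -> list[Entry]:
    """Parse every line of a log dump, skipping lines that do not match."""
    entries = (parse_line(ln) for ln in text.splitlines() if ln.strip())
    return [e for e in entries if e is not None]


def is_new_connection(entry: Entry) -> bool:
    """True when the packet is a TCP SYN with no ACK, i.e. the first packet of a flow."""
    return entry.proto == "TCP" and entry.flags == "S"


def find_misattributed_self_hits(entries: list[Entry], firewall_addrs=FIREWALL_ADDRS) -> list[Entry]:
    """Hits on a 'from firewall host itself' rule whose source is NOT a firewall-owned address.

    Such entries mean forwarded (non-local) traffic was matched by the automatic
    self-originated rule on that interface instead of the interface's own rules.
    """
    own = {ipaddress.ip_address(a) for a in firewall_addrs}
    return [e for e in entries if SELF_RULE_MARKER in e.rule and e.src not in own]


if __name__ == "__main__":
    for hit in find_misattributed_self_hits(parse_log(SAMPLE_LOG)):
        kind = "new SYN" if is_new_connection(hit) else f"{hit.proto}:{hit.flags or '-'}"
        print(f"{hit.timestamp} {hit.iface}: {hit.src}:{hit.sport} -> {hit.dst}:{hit.dport} "
              f"matched self rule {hit.rule_id} ({kind})")
```

Run it over a copy of the firewall log (the GUI's text view or the syslog export reformatted to the same layout) with `FIREWALL_ADDRS` set to every address and virtual IP the firewall actually owns; each line it prints is a packet that the box treated as its own outbound traffic even though the source is somewhere else, which is the entry to take to the routing or interface-assignment review.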