Two firewalls accessing each other when gateway is down
-
@viragomann, if I'm getting it correctly, you mean choosing a gateway under Firewall > Rules.
In my case the gateway of every rule on both LAN and WAN is set to * -
First of all I want to thank everyone who replied to this topic and helped me find the problem.
I did the following to resolve my problem. Maybe somebody else faces this problem and it may help:
1- First I checked the ARP table on both firewalls and discovered that neither of them had the other's MAC address. It was so strange to me, because I connected to them with HTTPS and HTTP, but pinging the other firewall from inside each one, even without a response (because of a firewall rule), added it to the ARP table.
2- Step one didn't resolve the problem, but I believe it was required. Secondly, I tried many things that didn't work. After several hours of trial and error I discovered that, based on the MAC addresses, pfSense sends packets directly to OPNsense, but OPNsense replies through the default gateway to pfSense. After searching on the internet I found this link:
https://forum.opnsense.org/index.php?topic=5615.0
Some of the OPNsense guys say that enabling the "disable reply-to" option in OPNsense may resolve the problem.
3- Surprisingly, enabling "disable reply-to" resolved the problem.
I haven't disconnected the internet yet, but I believe the problem is resolved.
I'd be glad if anyone can explain why this option worked, because I'm a little bit confused.
Thanks -
@Farh
Disabling reply-to on the accessed node - yeah, this could be a reason.
When enabled, replies are directed to the gateway that is stated in the interface settings. Disabling reply-to could lead to issues with a multi-WAN setup, however.
To avoid this, you can add pass rules at the top of the WAN rule set only for the source of the WAN subnet and disable reply-to in the advanced options.
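The rule layout described in the last post, written out as the underlying pf rules, as an added example that is not from the thread or from the pfSense or OPNsense projects. The interface name `em0`, the WAN subnet `203.0.113.0/24`, the gateway `203.0.113.1` and the management ports are constructed assumptions; the GUI generates equivalent rules from Firewall > Rules > WAN, where the first rule corresponds to a rule with "Disable reply-to" checked under its advanced options.

```pf
# Constructed example: em0 is the WAN interface, 203.0.113.0/24 is the WAN
# subnet, 203.0.113.1 is the upstream gateway stated in the interface settings.
wan_if     = "em0"
wan_net    = "203.0.113.0/24"
wan_gw     = "203.0.113.1"
mgmt_ports = "{ 80, 443 }"

# 1. Rule for neighbours on the same WAN subnet, placed FIRST and marked
#    "quick" so it wins first-match. It carries no reply-to, so replies to
#    the other firewall follow the routing table: the subnet is directly
#    connected, so the reply goes straight to the neighbour's MAC and does
#    not depend on the upstream gateway being reachable.
pass in quick on $wan_if inet proto tcp from $wan_net to ($wan_if) \
    port $mgmt_ports keep state

# 2. The usual WAN rule with reply-to, as the GUI generates by default.
#    reply-to records the gateway in the state entry, so every reply for
#    this state is sent to $wan_gw regardless of the routing table. That is
#    correct for traffic from the internet (and required for multi-WAN),
#    but for a same-subnet source it means the reply is lost when the
#    gateway is down, which is the symptom in this thread.
pass in quick on $wan_if reply-to ($wan_if $wan_gw) inet proto tcp \
    from any to ($wan_if) port $mgmt_ports keep state
```

Keeping rule 1 narrow (only the WAN subnet as source) preserves reply-to for all other WAN traffic, which is why it avoids the multi-WAN problems that disabling reply-to globally would introduce. The order matters: if rule 2 came first, its `quick` match would attach reply-to to the neighbour's state as well, and the reply would again be sent to the unreachable gateway.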