2 Firewalls - External IPs back to internal

  • Key4ce


    We have been at this for quite a few days now but seem to be unable to figure it out.
    We have 2 FW Builder 5.0 based firewalls.

    It uses corosync to manage 2 IP pools (1 for each firewall), which fail over to the other when one is down (saves wasting IPs on 2x active/passive setups).

    Now, from any external network you can reach everything we have perfectly fine.
    From internal FW1 -> using external IPs -> FW2 -> works perfectly with the rule:

    Original source <10.0.1.0/24>
    Original Destination <External IP here>
    Original SRV <Service here (like http) >
    Translated SRC <Firewall 1 Gateway IP>
    Translated DST <Internal Server IP>
    Translated SRV <Original>
    Interface IN <auto>
    Interface OUT <Auto>
    Action <Translate>

    This works perfectly, but ONLY for one of the 2 firewall servers (whose gateway is filled in at Translated SRC).
    Meaning only half of my VMs can contact each other. (I have 2 gateway IPs, 1 for each IP pool in corosync.)
    Internally, everything can connect using local IPs; this issue only occurs when it's using an external IP.
    If I add a second rule with the other gateway IP -> it fails.
    If I leave Translated SRC empty, it fails too.
    I have tried many different combinations with the translation rules, but it seems I just can't get it right.

    Any advice or knowledge will be greatly appreciated!

    Marco Tiggelaar