I mean. Someone will have to maintain the same kind of infrastructure that visa and mastercard does. It would require a monumental amount of investment. Not to mention that it can, under no circumstances, go down during peak use.

No clue. I guess they are the type that likes to have things overly complicated.

I think the packets take one way in, and get routed a different way out.

It looks incredibly convoluted. My best guess is that traffic hits 172.168.1.254 and gets routed out on the internet and doesn’t pass the dmz.

Then i assume there is something wrong in the routes from your lan when returning traffic that got initiated through the internet opnsense. If you can see traffic hit the LAN network, all should be well on the way in.

Perhaps some sessions on the way time out due to low TTL. I’ve experienced drops of traffic when there are too many hops.

Its possible, depending on how you’ve setup your NAT, that the traffic cant return due to coming from a public ip.

Why do you have public ip-span configured as LAN?

Same. Until Linux is supported by scada systems it will only be a service, non-hmi OS, in my world.

10 and 11 are waaaaaaaay better than 8. But meme is meme.

Sorry about my confused rambling 😅 Yes, the example was to demonstrate the difference between subnetting and vlan. Albeit simplified. What you said is right.

The poster i was responding to equated subnetting to vlans. I might have misunderstood what they meant though. It sounded like they wanted to use the same subnet per vlan, which wont work if you want them routed in the same gateway.

Reading it again they make it sound like you can’t subnet all of these networks on a switch without vlan, which you definitely can. I could for example connect 4 different devices on the subnet 192 168.10.x/24 and have them reach each other. I could also connect 4 more devices in the same switch but on a different network 192.168.20.x/24 and it would work.

You can’t use the same subnet on different vlans if you ever intend for both of them to reach the internet. In that case you’d need a second router which just defeats the purpose

Hahaha thats brilliant

I could give you an example. In my kitchen we have a faucet with a detachable aerator. We detach it when we want to use a attachment for a garden hose. When attaching the aerator or the garden hose attachment, the threads are reversed. I might be wrong, but two opposing threads shouldn’t be able to screw into one another right?

I don’t think we have a Swedish one. But we call clockwise “medsols” and counterclockwise “motsols”. Meaning “with the sun” or “against the sun” Does everyone have reversed threads on plumbing or is that a Nordic/Swedish thing? All plumbing has the reversed rule, left tightens and right loosens.

It has to do with link priority on the server. You’d imagine that a server that receives a packet that has a return address on the same subnet as it self logically would use that interface instead.

A similar thing happens in switches. For example if you have two vlans on a switch and both vlans have an ip assigned, connect a computer to one of the vlans. You will only be able to reach the switch on the non-routed connection. Even if you also are allowed to reach the second vlan through a router/Firewall.

My guess is that the server receives the packet from the client with src .11.101 dst .10.102 and tries to respond over the interface that has .11.102 assigned. The client expects a response from src .10.102 and drops the packet. But I would turn on a packet sniffer in the gateway to see if the returning traffic even passes the Firewall in scenario 1.

Reset the AP to make sure it uses dhcp for its own ip and update firmware from unifi network after adopting the AP again.

Test it by swapping places of the access points to find out if the issue is related to the access points or something else.