Hi all,
It's my first post here.

I have 2 routers in my office.

The main one is a Vigor 2820 (lan IP 192.168.1.253) which is configured to failover on a Vigor 2830 (192.168.1.254).
Behind these I have an OpenBSD firewall/gateway (192.168.1.13) with a default route to the 2820.
This all works fine, in the rare occasions that our primary connection to the internet is down (through the 2820) all outbound connections are diverted to the 2830 which is on a different ISP.

Also, on the 2820 I have set up port forwarding on port 22 to the OpenBSD gateway which then forwards to a Linux box in the lan. This works perfectly when using the public IP on this main router.

One thing that I noticed though is that forwarding from the public 2830 IP to the same Linux box does not work.
On the Linux box I get a SYN_RECV, which I think means that once the packet reaches it and it goes back to OpenBSD it is routed through its default 192.168.1.253 gateway and never gets back to the ssh client.

Basically this:

ssh client ---> 2830 ---> OpenBSD ---> Linux ---> OpenBSD ---> 2820 --X--> ssh client

Am I correct?
Is there any way around this?

Thansk in advance

EioPago