CARP VIP not passing traffic
-
I'm always online.
-
igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 00:08:a2:0d:4b:ba
    hwaddr 00:08:a2:0d:4b:ba
    inet6 fe80::208:a2ff:fe0d:4bba%igb2 prefixlen 64 scopeid 0x3
    inet 192.168.0.253 netmask 0xffffff00 broadcast 192.168.0.255
    inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 vhid 10
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    carp: MASTER vhid 10 advbase 1 advskew 0
That ifconfig looks fine. Is that when it is working or not working?
-
That was from not working.
-
OK well there's nothing wrong there. Can you ping your WAN address from there? 8.8.8.8?
Can an inside host resolve DNS?
-
If you look at the ARP table on the inside host when it is not working, the MAC address there should be 00:00:5e:00:01:0a for 192.168.0.1. Is it?
-
That MAC (and the associated IP) is not in the ARP table.
-
When it works, I get this in the ARP table:
COMMLAN 192.168.0.1 84:16:f9:29:53:d9 Expires in 1186 seconds ethernet
-
Then that is something else on your network, not the CARP VIP.
84:16:F9 Tp-LinkT Tp-Link Technologies Co.,Ltd.
-
I am talking about the ARP table on the client.
Are you seeing entries in the system log about "someone else is using my IP" or something to that effect?
-
I found a Tp-Link switch that matches that MAC. It appears that it turned on its default IP address (192.168.0.1), which was causing a conflict with the CARP VIP.
Side note: don't build your work network on an overused class C addressing scheme.
-
That'll do it. Glad you found it.
-
If you do - don't use .1 or .254 since those are common default IPs ;)
Pretty much the reason the pfSense IP on all its VLANs is .253...
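-
The check used in this thread (a CARP VIP with vhid 10 should resolve to 00:00:5e:00:01:0a on clients), written out as an added example that is not part of the original posts or of pfSense. It goes a little beyond the thread by accepting BSD/Linux, macOS and Windows ARP output formats; the sample inputs are constructed from the values quoted above, and the interface name `em0` is an assumption.

```python
import re

# Constructed sample input, modelled on the values quoted in the thread.
IFCONFIG = """\
igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.0.253 netmask 0xffffff00 broadcast 192.168.0.255
    inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 vhid 10
    carp: MASTER vhid 10 advbase 1 advskew 0
"""
ARP_CONFLICT = "? (192.168.0.1) at 84:16:f9:29:53:d9 on em0 expires in 1186 seconds [ethernet]\n"
ARP_HEALTHY = "192.168.0.1    00-00-5E-00-01-0A    dynamic\n"  # Windows 'arp -a' style

VIP_RE = re.compile(r"inet (\d+\.\d+\.\d+\.\d+) .*\bvhid (\d+)")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-f]{1,2}(?:[:-][0-9a-f]{1,2}){5})\b", re.I)

def carp_mac(vhid):
    """IPv4 CARP virtual MAC: 00:00:5e:00:01:<vhid as two hex digits>."""
    if not 1 <= vhid <= 255:
        raise ValueError("vhid must be 1-255")
    return "00:00:5e:00:01:%02x" % vhid

def carp_vips(ifconfig_text):
    """Map each CARP VIP in ifconfig output to its expected virtual MAC."""
    return {ip: carp_mac(int(vhid)) for ip, vhid in VIP_RE.findall(ifconfig_text)}

def normalize(mac):
    """Lower-case, colon-separated, zero-padded (macOS prints 0:0:5e:0:1:a)."""
    return ":".join("%02x" % int(part, 16) for part in re.split("[:-]", mac))

def arp_entries(arp_text):
    """Yield (ip, mac) for every line that carries both an IPv4 address and a MAC."""
    for line in arp_text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            yield ip.group(1), normalize(mac.group(1))

def find_conflicts(ifconfig_text, arp_text):
    """Return (vip, mac_seen, mac_expected) where a client resolved a VIP to a non-CARP MAC."""
    expected = carp_vips(ifconfig_text)
    return [(ip, mac, expected[ip]) for ip, mac in arp_entries(arp_text)
            if ip in expected and mac != expected[ip]]

if __name__ == "__main__":
    for ip, seen, want in find_conflicts(IFCONFIG, ARP_CONFLICT):
        print(f"{ip}: client resolved {seen}, CARP VIP should be {want}")
```

Feed it the firewall's `ifconfig` output and a client's ARP table; any row it reports means some other device is answering ARP for the VIP.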