Inter VLAN Routing Problem with Trunk Ports
Hi,
I have been using pfSense for several years and have been very satisfied with it.
Recently I started using Docker with the macvlan driver and got some problems.
First I thought it was a Docker problem, but when I configured a Linux box with a trunk connection the same problems arose.
So I am suspecting the problem lies within pfSense now.

My Setup:
Problem:
The Linux box (cnt-host) with a trunk port (VLAN1, VLAN10 and VLAN20 on the same NIC) is reaching the pfSense box on all configured interfaces, and the pfSense box is reaching all the interfaces on cnt-host.
But the laptop is only reaching the interface of cnt-host which is in the same VLAN (VLAN20), despite reaching all other (native) devices in all the other VLANs (firewall is configured to allow all for testing).

Some more details:
cnt-host is an APU2 hardware running Ubuntu, and VLANs are configured in /etc/network/interfaces.d/enp2s0
    auto enp2s0
    iface enp2s0 inet dhcp

    auto enp2s0.10
    iface enp2s0.10 inet dhcp
        vlan-raw-device enp2s0

    auto enp2s0.20
    iface enp2s0.20 inet dhcp
        vlan-raw-device enp2s0

    # ip addr
    ...
    3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.50/24 brd 10.0.0.255 scope global enp2s0
           valid_lft forever preferred_lft forever
        inet6 fe80::20d:b9ff:fe45:8449/64 scope link
           valid_lft forever preferred_lft forever
    5: enp2s0.10@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
        inet 10.0.10.50/24 brd 10.0.10.255 scope global enp2s0.10
           valid_lft forever preferred_lft forever
        inet6 fe80::20d:b9ff:fe45:8449/64 scope link
           valid_lft forever preferred_lft forever
    6: enp2s0.20@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
        inet 10.0.20.50/24 brd 10.0.20.255 scope global enp2s0.20
           valid_lft forever preferred_lft forever
        inet6 fe80::20d:b9ff:fe45:8449/64 scope link
           valid_lft forever preferred_lft forever
    ...

Some Diagnostics like Ping, ip route, arp, traceroute and more are listed here: https://gist.github.com/stif/6b7eb100cf4f51b5dbea3b6c5bc7e33b
I don't know how to go on, and I am very grateful for any tips or hints on how to solve this issue.
Kind Regards,
Stefan