CARP VIP not passing traffic
-
That was from not working.
-
OK well there's nothing wrong there. Can you ping your WAN address from there? 8.8.8.8?
Can an inside host resolve DNS?
-
If you look at the ARP table on the inside host when it is not working, the MAC address there should be 00:00:5e:00:01:0a for 192.168.0.1. Is it?
-
That MAC (and the associated IP) is not in the ARP table.
-
When it works, I get this in the ARP table
COMMLAN 192.168.0.1 84:16:f9:29:53:d9 Expires in 1186 seconds ethernet
-
Then that is something else on your network, not the CARP VIP.
84:16:F9 Tp-LinkT Tp-Link Technologies Co.,Ltd.
-
I am talking about the ARP table on the client.
Are you seeing entries in the system log about "someone else is using my IP" or something to that effect?
-
I found a Tp-Link switch that matches that MAC. It appears that it turned on its default IP address (192.168.0.1) that was causing a conflict with the CARP VIP.
Side note, don't build your work network on an overused class C addressing scheme.
-
That'll do it. Glad you found it.
-
If you do - don't use .1 or .254 since those are common default IPs ;)
Pretty much the reason pfSense IP on all its VLANs is .253...
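
Added example, not part of the thread: a small Python check that automates the ARP test suggested above by comparing what a client's ARP cache holds for the VIP against the CARP virtual MAC 00:00:5e:00:01:<VHID in hex>. VHID 10 is inferred from the 0a in the MAC quoted in the thread; the function names and the sample rows other than the thread's own entry are constructed for illustration.

```python
import re

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{1,2}(?:[:-][0-9A-Fa-f]{1,2}){5})\b")

# Constructed sample ARP rows in three common output styles.
# CONFLICT copies the entry quoted in the thread; the others are made up.
CONFLICT = "COMMLAN 192.168.0.1 84:16:f9:29:53:d9 Expires in 1186 seconds ethernet"
HEALTHY = "? (192.168.0.1) at 0:0:5e:0:1:a on en0 ifscope [ethernet]"
ABSENT = "192.168.0.50 dev eth0 lladdr aa:bb:cc:dd:ee:ff REACHABLE"


def carp_mac(vhid):
    """CARP virtual MAC for a VHID: 00:00:5e:00:01:<vhid as two hex digits>."""
    if not 1 <= vhid <= 255:
        raise ValueError("VHID must be 1-255")
    return "00:00:5e:00:01:%02x" % vhid


def normalize(mac):
    # Some arp outputs drop leading zeros (0:0:5e:0:1:a) or use dashes.
    return ":".join("%02x" % int(part, 16) for part in re.split("[:-]", mac))


def parse_arp(text):
    """Return {ip: mac} from any row that carries one IPv4 address and one MAC."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            table[ip.group(1)] = normalize(mac.group(1))
    return table


def check_vip(arp_text, vip, vhid):
    """Classify the ARP entry for a CARP VIP as ok, conflict or missing."""
    seen = parse_arp(arp_text).get(vip)
    if seen is None:
        return ("missing", None)
    if seen == carp_mac(vhid):
        return ("ok", seen)
    # Any other MAC means another device is answering ARP for the VIP.
    return ("conflict", seen)


if __name__ == "__main__":
    for name, rows in (("conflict", CONFLICT), ("healthy", HEALTHY), ("absent", ABSENT)):
        print(name, check_vip(rows, "192.168.0.1", 10))
```

A "conflict" result carries the offending MAC, whose first three octets can be looked up as an OUI to find the vendor, as was done in the thread.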