I have the following setup:
ONE pfSense with a Public Subnet and Hybrid Outbound NAT

For example:

WAN: ..*.42 NAT for everything (else)
LAN1: 192.168.1.0/24
LAN2: 192.168.248.0/24 (which is NATed different)

CARP: ..*.248 NAT for 192.168.248.0/24

I also created rules at the WAN interface to allow ping to WAN-address and CARP-address.

Now something strange happens. If i ping the WAN-address everything works fine.
If i ping the CARP address from the internet i get a "DUP!" as an answer.

I looked at the capture and noticed something: Destination is "IETF-VRRP-VRID_f8 (00:00:5e:00:01:f8)" but the source for the reply is always the MAC-address for .42!

I also noticed 2 ping-requests in my capture and i think, something is very wrong in my setup. But i think that is because of the strange reply from the pfsense.

To make that clear. I wanted to have different mac-addresses for every virtual IP, therefore i am using CARP with only one firewall.

What could be the problem?

Thank you.

EDIT: Just rebooted the firewall. Now the DUP! messages are gone. But where could the problem be?