DUP! - CARP with Virtual-IP and single firewall for NAT


  • Hello

    I have the following setup:
    ONE pfSense with a Public Subnet and Hybrid Outbound NAT

    For example:

    WAN: ..*.42 NAT for everything (else)
    LAN1: 192.168.1.0/24
    LAN2: 192.168.248.0/24 (which is NATed differently)

    CARP: ..*.248 NAT for 192.168.248.0/24

    I also created rules at the WAN interface to allow ping to WAN-address and CARP-address.

    Now something strange happens. If I ping the WAN address, everything works fine.
    If I ping the CARP address from the internet, I get a "DUP!" as an answer.

    I looked at the capture and noticed something: Destination is "IETF-VRRP-VRID_f8 (00:00:5e:00:01:f8)" but the source for the reply is always the MAC-address for .42!

    I also noticed 2 ping requests in my capture and I think something is very wrong in my setup. But I think that is because of the strange reply from the pfSense.

    To make that clear: I wanted to have different MAC addresses for every virtual IP; therefore I am using CARP with only one firewall.

    What could be the problem?

    Thank you.

    EDIT: Just rebooted the firewall. Now the DUP! messages are gone. But where could the problem be?