    Unable to route through new interface

      jnpetty last edited by

      We have a very strange issue where we are spinning up a new interface, just like we did with our 30 previous interfaces.

      VLAN:1700
      FW1 Interface IP: 192.168.120.1/24
      FW2 Interface IP: 192.168.120.2/24
      CARP IP: 192.168.120.254/24

      The CARP IP properly replicated, FW1 is the Master and FW2 is Backup.

      I can ping the individual firewall IPs, but not the CARP IP. It's not a rule issue as I can add an ANY/ANY and the behavior does not change.

      It's not a routing or a switch VLAN issue as I can see all MACs on all our switches. The firewall interfaces can ping each other, and I can ping external IPs from the firewall.

      There are no floating rules that have this subnet in scope.

      At this point I am at a loss and don't know where to proceed. Like I mentioned, we have had no issues bringing any of our previous subnets online. But even after destroying and recreating everything, the issue persists.

        viragomann @jnpetty last edited by

        @jnpetty
        When you ping the CARP VIP from a connected device, it will first send an ARP request which the master should respond to.

        So to investigate, sniff the traffic and check for ARP packets and whether pfSense sends a response.
        If there is no ARP request, check the ARP table on the device you're pinging from for an already existing entry.

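
The check described in the reply above, as an added example that is not part of the original thread: it classifies ARP traffic for the CARP VIP from saved `tcpdump -e -n arp` text output. The sample lines, client address, client MAC and VHID are constructed; the CARP virtual MAC prefix `00:00:5e:00:01` is standard CARP behaviour and is an assumption added here, not something stated in the thread.

```python
import re

# CARP answers ARP for a VIP with the virtual MAC 00:00:5e:00:01:<VHID>.
CARP_MAC = re.compile(r"^00:00:5e:00:01:[0-9a-f]{2}$")
REQ = re.compile(r"Request who-has (\S+?)(?: \(\S+\))? tell (\S+),")
REP = re.compile(r"Reply (\S+) is-at ([0-9a-fA-F:]{17})")

def check_vip_arp(lines, vip):
    """Classify ARP traffic for `vip` in `tcpdump -e -n arp` text output."""
    requests, reply_macs = 0, set()
    for line in lines:
        req, rep = REQ.search(line), REP.search(line)
        if req and req.group(1) == vip:
            requests += 1
        elif rep and rep.group(1) == vip:
            reply_macs.add(rep.group(2).lower())
    if not requests and not reply_macs:
        verdict = "no-request"      # client may already hold an ARP entry
    elif not reply_macs:
        verdict = "unanswered"      # master never replied for the VIP
    elif all(CARP_MAC.match(m) for m in reply_macs):
        verdict = "answered-by-carp"
    else:
        verdict = "answered-by-other-mac"  # reply did not come from a CARP virtual MAC
    return {"requests": requests, "reply_macs": sorted(reply_macs), "verdict": verdict}

# Constructed sample lines (client 192.168.120.50, its MAC and VHID 01 are made up).
SAMPLE_UNANSWERED = [
    "10:00:01.000000 aa:bb:cc:00:00:50 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
    "length 42: Request who-has 192.168.120.254 tell 192.168.120.50, length 28",
    "10:00:02.000000 aa:bb:cc:00:00:50 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
    "length 42: Request who-has 192.168.120.254 tell 192.168.120.50, length 28",
]
SAMPLE_ANSWERED = SAMPLE_UNANSWERED[:1] + [
    "10:00:01.000200 00:00:5e:00:01:01 > aa:bb:cc:00:00:50, ethertype ARP (0x0806), "
    "length 42: Reply 192.168.120.254 is-at 00:00:5e:00:01:01, length 28",
]

if __name__ == "__main__":
    for name, cap in (("unanswered", SAMPLE_UNANSWERED), ("answered", SAMPLE_ANSWERED)):
        print(name, check_vip_arp(cap, "192.168.120.254"))
```

A `no-request` result corresponds to the last step in the reply: look at the ARP table on the device the ping is sent from.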