Netgate Discussion Forum

    Can't ping LAN VIP in CARP

    • michelangelo

      Hello,
      After (more or less) solving my last problem, I configured CARP following the tutorial. It works perfectly, EXCEPT that I cannot ping the LAN VIP! If I try to ping it, my packets get routed to the internet (traceroute shows this quite well, and I receive a "host unreachable" from routers on the net)… tcpdumping around in fact shows that the packets get in from the LAN if... and go out, correctly natted, from one of the WANs (in a perfect round-robin fashion). Except for this, all the traffic to the internet works flawlessly.
      So my question is: should the LAN VIP really be non-reachable, or did I screw something up badly?

      Cheers,
      Rod

      • dotdash

        Sounds like you are running CARP and dual WAN. If you put in a firewall rule on the LAN that redirects all traffic to a particular gateway/pool, then traffic destined for the CARP address will also get sent to the gateway/pool. I work around this by adding another rule to allow the local subnet using the default gateway. Something like:
        LAN firewall rules:
        Allow * src=lan net * dest=lan net * *
        Allow * src=lan net * * * gateway=load balancer

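Added example, not part of the original posts and not pfSense's own code: a simplified first-match model of the LAN rules from the answer above, showing why a lone gateway rule sends traffic for the CARP VIP out through the WAN pool and how the extra local-subnet rule prevents it. The addresses, the `Rule` class and the function names are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    src: str                 # source network in CIDR form
    dst: str                 # destination network ("0.0.0.0/0" = any)
    gateway: Optional[str]   # None = use the routing table, else forced gateway/pool

def first_match(rules, src_ip, dst_ip):
    """Return the first pass rule matching the packet (top-down, first match wins)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if s in ipaddress.ip_network(rule.src) and d in ipaddress.ip_network(rule.dst):
            return rule
    return None  # nothing matched: the packet is not passed

def forwarding_decision(rules, src_ip, dst_ip):
    """Describe where a packet entering the LAN interface is sent."""
    rule = first_match(rules, src_ip, dst_ip)
    if rule is None:
        return "blocked"
    return f"forced to {rule.gateway}" if rule.gateway else "routing table"

def shadowed_local_hosts(rules, local_net, probe_src, hosts):
    """Return local addresses (e.g. the CARP VIP) that a gateway rule would send off-box."""
    net = ipaddress.ip_network(local_net)
    return [h for h in hosts
            if ipaddress.ip_address(h) in net
            and forwarding_decision(rules, probe_src, h).startswith("forced")]

# Constructed sample values, not taken from the thread
LAN_NET = "192.168.1.0/24"
CARP_VIP = "192.168.1.1"
CLIENT = "192.168.1.50"

# Only the policy-routing rule: everything from the LAN goes to the pool
BROKEN = [Rule(LAN_NET, "0.0.0.0/0", "load balancer")]
# The workaround from the answer: local-subnet rule first, gateway rule second
FIXED = [Rule(LAN_NET, LAN_NET, None),
         Rule(LAN_NET, "0.0.0.0/0", "load balancer")]

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "VIP      ->", forwarding_decision(rules, CLIENT, CARP_VIP))
        print(name, "internet ->", forwarding_decision(rules, CLIENT, "203.0.113.10"))
        print(name, "shadowed :", shadowed_local_hosts(rules, LAN_NET, CLIENT, [CARP_VIP]))
```

Rule order matters: placing the local-subnet rule below the gateway rule leaves the VIP shadowed, which `shadowed_local_hosts` will report.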
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.