Netgate Discussion Forum
    firewall question about carp with vlans

    Firewalling

    bmaster

      I'm reposting my question here, because in the CARP forum I find no answers, and I think it's also firewall related :-)

      Our setup: 2 pfSense boxes with CARP (working just fine for years).
      Now I'm testing with VLANs: I defined VLAN 11 on the LAN interface: 10.11.1.2 (master), 10.11.1.3 (backup), 10.11.1.1 (CARP virtual IP).
      In the firewall rules, under the VLAN11 tab, I have no rules at all.
      On a client computer, which is on a VLAN 11 switchport, I try a couple of pings:

      ping 10.11.1.1 -> no reply
      ping 10.11.1.2 -> no reply
      ping 10.11.1.3 -> reply

      In the firewall log, I see that the ping to 10.11.1.2 is indeed blocked. When I create a rule to allow all traffic from VLAN 11 to everywhere, all pings work. When I look under Diagnostics -> States, I only see states for .1 and .2, not for .3.

      My conclusion: traffic for .1 and .2 (the master) is handled by the firewall, traffic for .3 (the backup) is not.

      I'm sure there is a perfectly good explanation, but I really don't see it… is there anyone who can explain it to me?

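    As an added illustration that is not part of the post or of pfSense's generated ruleset: a constructed pf.conf fragment for the three VLAN 11 addresses described above, contrasting the "allow all from VLAN 11" rule the poster added with a rule scoped to ICMP echo towards the firewall's own addresses. The interface name igb1.11 and the table name vlan11_fw are assumptions.

```pf
# Constructed pf.conf fragment for the VLAN 11 setup in the post. This is raw pf
# syntax for illustration, not pfSense's generated /tmp/rules.debug.
vlan11_if = "igb1.11"          # assumed name of the VLAN 11 interface on the LAN parent

# The three addresses mentioned in the post: CARP VIP, master node, backup node.
table <vlan11_fw> { 10.11.1.1, 10.11.1.2, 10.11.1.3 }

set skip on lo0

# Default deny on the VLAN, logged, so blocked probes show up in the firewall log
# the way the poster observed.
block in log on $vlan11_if all

# CARP advertisements must pass between the two nodes or failover breaks.
pass quick proto carp

# The rule the poster added ("allow all traffic from VLAN 11 to everywhere"):
# pass in quick on $vlan11_if inet from 10.11.1.0/24 to any keep state
#
# Narrower alternative: permit only ICMP echo requests to the firewall's own
# addresses, so the ping test works without opening the VLAN to every destination.
pass in quick on $vlan11_if inet proto icmp from 10.11.1.0/24 to <vlan11_fw> icmp-type echoreq keep state
```

    `pfctl -nf <file>` parses the ruleset without loading it, which is the quickest way to catch a syntax slip before it replaces a working policy.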
      Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.