Messages - stif

General Questions / Inter VLAN Routing Problem with Trunk Ports
« on: February 07, 2018, 05:07:45 am »
Hi,

I have been using pfSense for several years and have been very satisfied with it.
Recently I started using Docker with the macvlan driver and got some problems.
At first I thought it was a Docker problem, but when I configured a Linux box with a trunk connection the same problems arose.
So I now suspect the problem lies within pfSense.

My Setup:


Problem:
The Linux box (cnt-host) with a trunk port (VLAN1, VLAN10 and VLAN20 on the same NIC) is reaching the pfSense box on all configured interfaces, and the pfSense box is reaching all the interfaces on cnt-host.
But the laptop is only reaching the interface of cnt-host which is in the same VLAN (VLAN20), despite reaching all other (native) devices in all the other VLANs. (The firewall is configured to allow all for testing.)

Some more details:

cnt-host is APU2 hardware running Ubuntu, and the VLANs are configured in /etc/network/interfaces.d/enp2s0

Code:
auto enp2s0
iface enp2s0 inet dhcp

auto enp2s0.10
iface enp2s0.10 inet dhcp
    vlan-raw-device enp2s0

auto enp2s0.20
iface enp2s0.20 inet dhcp
    vlan-raw-device enp2s0

Code:
#ip addr
...
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.50/24 brd 10.0.0.255 scope global enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe45:8449/64 scope link
       valid_lft forever preferred_lft forever
5: enp2s0.10@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.50/24 brd 10.0.10.255 scope global enp2s0.10
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe45:8449/64 scope link
       valid_lft forever preferred_lft forever
6: enp2s0.20@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.50/24 brd 10.0.20.255 scope global enp2s0.20
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe45:8449/64 scope link
       valid_lft forever preferred_lft forever
...

Some diagnostics such as ping, ip route, arp, traceroute and more are listed here: https://gist.github.com/stif/6b7eb100cf4f51b5dbea3b6c5bc7e33b

I don't know how to go on, and I am very grateful for any tips or hints on how to solve this issue.

Kind Regards,
Stefan
