Topic: Inter VLAN Routing Problem with Trunk Ports

stif
« on: February 07, 2018, 05:07:45 am »
Hi,

I have been using pfSense for several years and have been very satisfied with it.
Recently I started using Docker with the macvlan driver and got some problems.
First I thought it was a Docker problem, but when I configured a Linux box with a trunk connection the same problems arose.
So I am suspecting the problem lies within pfSense now.

My Setup:


Problem:
The Linux box (cnt-host) with a trunk port (VLAN1, VLAN10 and VLAN20 on the same NIC) is reaching the pfSense box on all configured interfaces, and the pfSense box is reaching all the interfaces on cnt-host.
But the laptop is only reaching the interface of cnt-host which is in the same VLAN (VLAN20), despite reaching all other (native) devices in all the other VLANs (the firewall is configured to allow all for testing).

Some more Details:

cnt-host is an APU2 hardware running Ubuntu, and the VLANs are configured in /etc/network/interfaces.d/enp2s0

Code:
auto enp2s0
iface enp2s0 inet dhcp

auto enp2s0.10
iface enp2s0.10 inet dhcp
    vlan-raw-device enp2s0

auto enp2s0.20
iface enp2s0.20 inet dhcp
    vlan-raw-device enp2s0

Code:
#ip addr
...
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.50/24 brd 10.0.0.255 scope global enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe45:8449/64 scope link
       valid_lft forever preferred_lft forever
5: enp2s0.10@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.50/24 brd 10.0.10.255 scope global enp2s0.10
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe45:8449/64 scope link
       valid_lft forever preferred_lft forever
6: enp2s0.20@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:0d:b9:45:84:49 brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.50/24 brd 10.0.20.255 scope global enp2s0.20
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:b9ff:fe45:8449/64 scope link
       valid_lft forever preferred_lft forever
...

Some Diagnostics like Ping, ip route, arp, traceroute and more are listed here: https://gist.github.com/stif/6b7eb100cf4f51b5dbea3b6c5bc7e33b

I don't know how to go on, and I am very grateful for any tips or hints on how to solve this issue.

Kind Regards,
Stefan
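
One check a reader could run against this setup, as an added example that is not part of the original post: it parses the `ip addr` output shown above and reports whether cnt-host would answer a routed packet through the firewall or straight out of another VLAN interface. The laptop address 10.0.20.100 is an assumption (the post only says the laptop is in VLAN20), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the IPv4 lines of the `ip addr` output in the post.
IP_ADDR_OUTPUT = """\
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 10.0.0.50/24 brd 10.0.0.255 scope global enp2s0
5: enp2s0.10@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.0.10.50/24 brd 10.0.10.255 scope global enp2s0.10
6: enp2s0.20@enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.0.20.50/24 brd 10.0.20.255 scope global enp2s0.20
"""

def parse_ip_addr(text):
    """Return {interface name: IPv4Interface} from `ip addr` output."""
    addrs, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^\d+:\s+([^:@\s]+)", line)
        if head:
            current = head.group(1)   # "enp2s0.10@enp2s0" -> "enp2s0.10"
            continue
        inet = re.match(r"^\s+inet\s+(\S+)", line)   # skips inet6 lines
        if inet and current:
            addrs[current] = ipaddress.ip_interface(inet.group(1))
    return addrs

def reply_path(addrs, src, dst):
    """Return (arrival iface, direct reply iface or None, verdict) for src -> dst."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Assumption: the firewall delivers the packet on the VLAN that owns dst.
    arrived = next((n for n, a in addrs.items() if a.ip == dst), None)
    if arrived is None:
        raise ValueError(f"{dst} is not a local address")
    # A connected route to the sender's subnet is preferred over the gateway.
    direct = next((n for n, a in addrs.items() if src in a.network), None)
    if direct is None:
        return arrived, None, "reply goes back via the gateway"
    if direct == arrived:
        return arrived, direct, "same-subnet traffic, firewall not involved"
    return arrived, direct, "asymmetric: request was routed, reply leaves directly"

if __name__ == "__main__":
    hosts = parse_ip_addr(IP_ADDR_OUTPUT)
    laptop = "10.0.20.100"   # assumed laptop address in VLAN20
    for dst in ("10.0.0.50", "10.0.10.50", "10.0.20.50"):
        print(laptop, "->", dst, reply_path(hosts, laptop, dst))
```

On Linux, whether a packet on such an asymmetric path is accepted at all depends on the `rp_filter` sysctl of the arrival interface; in strict mode (value 1) a packet is dropped when its source address would be routed out of a different interface.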