@fabrizior

Hi fab,

read your post, was your problem that you could no longer access your qnap qts gateway? i posted a possible fix for you
https://forum.qnap.com/viewtopic.php?f=45&t=155315&p=755280#p755280

pfsense lan gateway is in pfsense admin web ui Interfaces > LAN (vtnet1)

then the qnap nas OS gateway is located at lan virtual switch (configure this as a static lan ip. you then connect to this ip to access your qnap NAS OS gateway)

make sure neither of these are within your DHCP lan range in pfsense. You can check this in pfsense DHCP server.

I found you an instructive example (pls, focus on the static route)
not entirely your question, but it deals with multi-router systems

by marmar_75:
https://forum.netgate.com/topic/154139/routing-for-dual-pfsense-routers

@ishtiaqaj pfsense doesn't have a gui. It uses a web interface which runs on your favorite desktop os.
Install it standalone on a barebone pc.
Or install it on a proper virtualisation server.

@teamits

Hello @teamits - does this assume the isp router is in front of both pfsense boxes ? So , Ont —> isp router —> wan interface of both pfsense machines ?

I was looking to put the isp router behind the pfsense box. I am actually thinking of doing away with it entirely and replace it with a moca adapter.

I have a separate ethernet line from the ont going straight to my pfsense box in my current setup.

@voodooutt

Actually, I worked it out for myself and literally just came back here to post the results.

#1: Apparently some versions of FreeBSD in a VM do not like OVMF & Q35 machine types. I used seabios and i440fx instead. I set OS type to "other" instead of linux since there's not a specific option for BSD on proxmox. I ran across some stuff in the freebsd forums talking about 11.1 and other releases of 11.x having various issues under OVMF/Q35 VMs, so I figured I'd stack the deck in my favor.

#2: I added "blacklist intel" to blacklist.conf to completely disable the NIC in proxmox. BEWARE! This would cause nine kinds of trouble in a server with multiple intel devices! My server has 4x onboard nics, a 10gbe dual port mezzanine card, and nearly everything else is an intel product as well. That addition to blacklist would pretty much render it a boat anchor. The hardware hosting pfsense is an AMD 3800x on a gigabyte board with three different brands of NICs in it: Realtek gigabit onboard (almost worthless, IMO), the dual port pro 1000 intel card passed through to pfsense, and a solarflare dual port 10gbe card. This step is not strictly necessary because it does work without it, but I wanted the LEDs on the NIC and switch off unless pfsense was up and active for troubleshooting purposes.

#3: Pass the NIC though to pfsense as normal. Since the machine type is i440fx, the PCIe checkbox is greyed out.

After I completed that, it came right up and I was able to get bare metal equivalent throughput and cpu load while hammering the snot out of it. I was getting absolutely terrible throughput with every other method I tried but this is slightly faster than my current pfsense installation running on bare metal.

speedtest.jpg cpuload.jpg

@skilledinept said in Is E1000E better supported than VMXNET3 in pfSense?:

Thanks! I knew I wasn't imagining things. I don't get the performance why impact though.

Maybe it's the physical NICs that are not good with the paravirtualized NIC--but--other machines would have bad performance too, right?

I'll just be grateful it works for now. Thanks to you too! :)

I was literally going to make a forum post and thought I'd do some research and found your thread!

I've been having the same issues with VMXNET3 after introducing VLANs into my home network, I would see drops from time to time on pfSense. I am using a supported Intel NIC and have not previously had any issues for over a year. I have checked everything I could in terms of speed/duplex mismatches, bad cables, NIC, switches but had no joy. I was only able to fix this using E1000. I did see that it was using a bit more CPU usage and typically the speeds not being as consistent, therefore I'd much rather use VMXNET3 if possible. E1000 fixes the packet drops. This seems to be something specific to pfSense and ESXi - I don't have any problems with any of my other VM's which run on VMXNET3, all works perfectly.

I have 3 VMXNET adapters connected to my pfSense VM - WAN/WAN2/LAN. The VLANs are running over the LAN adapter, those appear to be the ones having issues.

@skilledinept Are you using VLANs? I think possibly this could be isolated to using VLANs with VMNET3. I have no drops on my WAN interfaces where I have no VLANs.

NOTE: No drops are observed switch side, vswitch security settings are all set to allow. Running pfSense 2.4.5-RELEASE (amd64)

@teamits Shutdown does work.

FreeBSD has built-in Microsoft Hyper-V integration services for a while now, really good support since FreeBSD 11.1 (which is the entire pfSense 2.4 branch).

pfSense does support shutdown from Hyper-V - I've tested it..

Reference:
https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/supported-freebsd-virtual-machines-on-hyper-v

@unf0rg0tt3n said in ISP modem downstairs, pfsense - attic one cable to rule them all?:

The modem is in bridge mode; it then only allows 1 device directly connected to it. which is directly connected to the internet. why do I need PPPoE? the device gets a direct "external" ip address.

Okay, so you should be able to go with VLAN.
Define a VLAN for the WAN network on pfSense and the switch in the ground floor.

On pfSense go to Interfaces > Assignments > VLANs > Add. Select the interface which the ground floor switch is connected to and set a VLAN tag.
Then go to Interface Assignments and select the newly added VLAN under Network port next to WAN. Open the WAN settings by clicking on it and configure it.

However, since you're running pfSense virtualized you may also set up the whole VLAN stuff on Proxmox and provide pfSense an untagged WAN.

ok, since a couple of day's i notice that the server still blacks out and i need to reboot the complete ESXI server.
When i only reboot the Pfsense VM it wont work.

the second thing that i noticed is when my internet speed is FULLY used. ( i have a 1GB line ) that's when it happens.
So i have tried reducing the speed in the newsgroups download but still same problem.

So it comes down to this: when i use newsgroups for downloading some files it's going down.
so i tought, could it be the network card that i'm using for both WAN and LAN?

so i want to add another network card to the ESXI server with 4 ports to try it out.
But can i make it so that ALL the 4 ports are available for the LAN network in the same subnet? 10.0.0.1/24.
i really like it that way, then i can connect my nas, and both my raspberry to the remaining 3 network ports.

After some hours spent in this problem, finally can solve it. The main problem here is because when you change on EC2 panel to a instance that require enhance networking (and enable it via CLI) from a old one, the AWS system change the network interface names and pfSense can't bring up the network connection and the instance become unavailable.

The workaround is:

SSH on pfSense instance and start a shell session In this example a use nano as text editor (I'm noob), so it's necessary install via pkg install nano Edit the pfSense config file: nano /cf/conf/config.xml Search (Ctrl + W) for <interfaces> (the complete path is pfsense>system>interfaces) and replace the tag if for both wan/lan interfaces with values ena0 and ena1 respectively. Remember to save using Ctrl + X. Example file: <interfaces> <wan> ... <if>ena0</if> ... </wan> <lan> ... <if>ena1</if> ... </lan> .. </interfaces> Shutdown the instance on EC2 panel (remember to check if termination protection is enabled) Execute this command using aws cli on your local machine to enable enhanced networking:
aws ec2 modify-instance-attribute --instance-id I-INSTANCE_ID --ena-support Go to EC2 console, select the instance and change the instance type according your needs on "Actions > Instance Settings > Change Instance Type" (for me is a t3a.medium) Turn on your pfSense instance in EC2 panel and everything will be fine