whaoo , ok thanks for this quick answers , so adding a nic with e1000 drivers don't alter order of the previous nics ... i know what to do if i want to use another vmxnet drivers ;) Thanks heper ;) have nice day ;)

@Zung said in Hyper-V pfsense setup with no internet behind LAN interface: I am not sure if this issue was recorded in certain log or not. WAN events are always logged. In the logs. Not a question of being sure : if you want to know, you have a look.

Well, I tried a little more investigation on this and solved the problem. At first I checked IP's generating the messages. They were all android devices (Google homes, android phones etc.). Then I discovered these were from the Squid addon - caching. I removed Squid and its reporter from installed packages - restarted the VM and CPU Usage returned to normal. Obviously Squid went haywire on android devices. Don't know why - but will not install again - don't really want this problem to crop up again. Cheers

@skogs So obviously Proxmox tries to use the guest agent if it's activated and does not send ACPI signals, even if it has recognized that the agent isn't running. Didn't know that. However, since pfSense has no Qemu guest agent there's no reason for activating it.

Sorry but I am with @ITFlyer - and I edited your post to remove what amounts to keywords and a link.. Glad your wanting to help - but keep it on topic to the question at hand.. And why would you join a forum, minutes latter add such a post to a almost year old thread, because it mentions something related to what your wanting to promote is what it looked like.

Nothing unique to your issue about being on a fiber connection... Anyone behind a nat would have to open up the router in front of pfsense.. Glad you got it sorted.

@andmattia Does your processor include AES-NI and is it enabled in BIOS?

It's highly unlikely to be related. There is nothing that gets triggered by pressing 8. Maybe your system connecting to the firewall via SSH on its own might have nudged your client system's IP stack in some way (e.g. a new ARP request), but it's unlikely to be a firewall problem.

@Gertjan Ok i will try that way.

@securityconcerned said in Need help in taking pfSense for test drive in VirtualBox: my computer is infected with viruses, and these perpetrators also seem to be on my network at various times. So I was thinking of putting a pfSense firewall on my network. Look outside. We are in the year 2020. Most, if not all processes communicate with each other using something like TLS. This is even more valid if these processes have sensible information to hide, like, for example, viruses. So, never ever pfSense can find out what is coming in and out of your network **. There is only one way out. Stop downloading any executables, probably even pay-ware, free ware for sure. Remember : if there is no price (no $) then the product is YOU. There are two major solutions for this. Stop clicking. And your done. This will even save your mouse buttons. Far less better, but it might work : check out all the videos from, for example, https://www.youtube.com/user/ThePCSecurity - you'll see an relatively up to date tests among 'the best' which you will re qualify as the "most commercial known". And again, if you pay nothing, you will have the quality worth you paid for. Knowing that 0 / "something" is .... known as zero. It's not very hard to learn where to look for when it comes to viruses and family. And when done, no more need to use anti-virus scanners and stuff like that (I'm using none). Don't get me wrong, but I concerned about your concept of security ;) ** actually, I should say : pfSense could do some inspection work for you. The real issue is : a huge knowledge about SSL/TLS, certificates, proxies will be needed. People that can pull this one of .... never do so because they do not have the need for it : these guys saw a virus somewhere in the last decade, the day they were learning. An exception to the rule might be an email server, something like postfix, which doesn't belong at all on a device that is a firewall router like pfSense. This kind of server unpacks your mail, and stores them in clear text, which makes scanning possible before the user can see and/or download it into the mail client. There is no such solution as "install XYZ ito pfSense, set this and ckick there" and all my traffic is scanned, and blocked if needed.

If I recall I used e1000 vs vmx and no problem

You should inquire via e-mail to sales@netgate.com

Thanks for your suggestions, have some fries Okay , so tried the MikroTik LTE modem, but too expensive and I will use an old iPhone hotspot via USB. I use an iPhone hotspot via USB for my computer browsing and it is fast enough for streaming. The pfSense VM router will route no streaming, only Home Assistant traffic, which I estimate to be minimal. If I grow, I'll move back to an LTE dedicated modem. So, the question remains: USB setup on the Hypervisor Proxmox server to connect to the VM pfSense router? Hypervisor has: WAN Eth0 Ethernet port. LAN Eth1 Ethernet port. VM pfSense router has: Net0=vmbr0 connected to Eth0. Net1=vmbr1 connected to Eth1. So, add a USB port connection somehow in Proxmox or configure something in pfSense? Here's my current network topology: [image: wbfeRxj.png] Here's my planned topology: [image: 3IHZscy.png]

@djair thanks for the reply I decided that for the work i need to do, I need a more friendly hypervisor. So I used VMware Workstation 15.5 and did the same job in half the time

Its a ESXI host, do you not have access to the vmkern.. throw up some VM on the lan side network... Console that VM.. Or sure console to pfsense and disable the firewall..

@provels I think that the setting to have the Time Synchronization enabled in Integration Services fixes this. Since I enabled this setting, I have only seen the clock unsynchronized error at reboot.

@johnpoz I answered 'no' to that on my previous comment in the first line. I don't have too much idea about networking, sorry. I am just giving you as much information as I can.

hi Ingenium, I know it might be a bit late for an answer, but I think one solution for your VLAN on VF problem might be to bind a VLAN on a VF on the host. You can use "ip link set PF vf X vlan Y" on the host to bind a VLAN on the VF. Replace PF with your PF-interface name, X is the VF interface and Y is the VLAN. You would end up in having a VF for each additional VLAN. The VLAN header is stripped/inserted by the VF and the interface can be used just like a standard interface in pfSense. No need to configure VLAN in pfSense. check out https://doc.dpdk.org/dts/test_plans/vf_vlan_test_plan.html for reference.

@ldiciolla as xcp-ng version 7.x you must add 4 extra in the mtu 1500 cause the nic in xen has no 802.1q vlan driver due that the max vlan 4094 is done like 1024 2048 4096 4096 is how memory is allocated but the mtu 1500 is the tcp mac window max trans (m)utex just add 4 in the mtu and there the vlan number will be stored (in v8)this is covered , pfsense runs in a vm so don't allocate vlan(s in vlan(s on the gen1 hypervisor , buy a switch vlan802.1q built there your nic vlan in and deliver pfsense simple lan interfaces reason is the nic must also be vlan capavle, by using a switch this is covered and on one realtek i ran wan lan1,2,3,4,5,6 always tag the port the 802.1q has nothing to do with the ARP MAC thats in 802.1ad vlan 4096 tag means all vlans and start by id 4 due 1-3 is are used for LAG not like LACP or LACP.802.a3d ,