Alright, I figured out the issue. I was too stupid to notice but the issue was that my lovely host hypervisor routing table did not know what interface to use to connect to 172.16.2.0/24 subnet. So my solution was: ip route add 172.16.2.0/24 via 172.16.1.1 and it worked. SSH, ICMP everything. My host hypervisor (172.16.1.2) was able to connect to the ArchLinux server running in a vm internal network (172.16.2.2). Thanks @johnpoz for replying. This was pretty educational actually :)

No help, just confirmation that this occurs to more people. I am running pfSense in a virtual environment. When it works, it works. But randomly pfSense will block any incoming/outgoing traffic without clear warning. A reboot is the quickest method to resolve it. logs: Apparent moment of the latest stop: Jul 19 06:00:00 [] /usr/sbin/cron[15210]: (root) CMD (/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> /var/log/pfblockerng/pfblockerng.log 2>&1) Jul 19 06:00:00 [] /usr/sbin/cron[15542]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc) Jul 19 06:00:00 [] /usr/sbin/cron[15454]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot) Jul 19 06:00:00 [] /usr/sbin/cron[15701]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout) Jul 19 06:00:00 [] /usr/sbin/cron[15889]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout) Jul 19 06:00:00 [] php: [pfBlockerNG] Starting cron process. Jul 19 06:00:00 [] php: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload [IPs sensored.] Network traffic after this moment seems blocked, strangely logs are still going after this moment. Also web interface is reachable, host machine is fine. Anyone some clues how to get more things logged?

@blackpaw29 The Proxmox machine is a server. It's never a good idea to have a dynamic IP on a server, of course. The Proxmox host machine should have a static IP in the LAN where also your management PC has an IP. So there's no need to have the virtualized firewall up and working to get access to the host machine.

@gjaltemba thx for your response. I finally solve it, i'm using this script: #!/bin/bash Setup network namespace with veth pair, start xterm in it nsterm ns0 veth0 10.0.0 yellow 24 if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" 1>&2 exit 1 fi NS=${1:-ns0} DEV=${2:-veth0} DEV_A=${DEV}a DEV_B=${DEV}b ADDR=${3-:10.0.0} ADDR_A=${ADDR}.254 ADDR_B=${ADDR}.1 MASK=${5:-24} COL=${4:-yellow} echo ns=$NS dev=$DEV col=$COL mask=$MASK ip netns add $NS ip link add $DEV_A type veth peer name $DEV_B netns $NS ip addr add $ADDR_A/$MASK dev $DEV_A ip link set ${DEV}a up ip netns exec $NS ip addr add $ADDR_B/$MASK dev $DEV_B ip netns exec $NS ip link set ${DEV}b up ip netns exec $NS ip route add default via $ADDR_A dev $DEV_B ip netns exec $NS su -c "xterm -bg $COL &" USER When i do "dhclient veth0a" i receive ip address from pfsense, and i can finally route all traffic throught pfsense

Hi! how did yoi fixed this? I'm facing the same problem. Thanks

@stephenw10 yes im really sure about that, i can ping from my windows machine to 192.168.1.1 (lan interface virtual). I dont configure any routing or port forwards just add a firewall rule to allow all traffic in all interface (wan and lan) yes Pfsense are respondig. were i can find that state table?

@Derelict can you help me please

Hi, tnx for your response. Solved. My problem was a Realtek NIC bug, disabled all items in windows (system - advanced settings from hardware list) i dont remember english name. All disabled except Flow Control, now i have same download / upload speeds :-)

@Derelict: If CARP won't work neither will VRRP. They use essentially the same network functions, including the same multicast address etc. Not sure what you are seeing on XenServer 7 but CARP works just fine in XenServer 6. Hmm… this and other threads https://forum.pfsense.org/index.php?topic=122588.0 Suggest that they function differently. Where as CARP uses a multicast MAC VRRP uses a single virtual unicast MAC? Either way, I can confirm that the keepalived vrrp implementation works in my environment so I'm hopeful that freevrrp will work as well. Are/Were you using OVS on XenServer6? The  network switch default backend is bridge mode..

@vc6SfV8: Following back up on this - I successfully installed pfSense today on Linode. Follow the directions here: https://www.linode.com/docs/tools-reference/custom-kernels-distros/install-freebsd-on-linode In step 5, replace the curl command with the following: curl -k https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.3.1-RELEASE-amd64.img.gz | gunzip | dd of=/dev/sda Everything else works beautifully. :) Ryan Hi, I followed your tips however during during the botting of Installer Profile I am getting this error "Cannot Direct Disk boot a disk with no MBR: Linode Configuration Profile problems detected. " Any ideas on how to solve this? Thank you.

Awesome, great to hear that the pesky vmware tools message is going to disappear. I should be carrying out the upgrade soon after backing up my ESXi host. It's quite interesting that Jim uses ESXi… Maybe that's why it's been so stable for me  ::) ::) ::)

Is there any suggestion for this?