It's fairly clear now that the VMware appliance template has been discontinued, but I've still documented the problem at https://redmine.pfsense.org/issues/8787 in case anyone else suddenly runs into this!

When you ping from a static IP are you also seeing packets leave but no replies? I would definitely try disabling checksum offload. That should work fine with igb but with virtual igb NICs.... That needs to be added to the config usually via the GUI but if you can't access that you can edit the file directly /conf/config.xml. In the <system> section at the top add: <disablechecksumoffloading></disablechecksumoffloading> Reboot to see that change. Steve

My mistake, thank you for all.

Ok. Thanks for the reply Does anyone on the virtualization side have any ideas? Ive done pci passthrough via hostdev in libvirt xml and pci stubs in grub. Im under the impression that since the OS has no knowledge of the NIC card then neithier does libvirt since its a user space app. As i posted ealier freebesd sees the actual intel chipset instead of the standard e1000 emulated chip that QEMU provides to the guest. Also the mac addresses that pfsense sees on the NICs are those that are hardcoded on the hardware Additionally, the xml config has no entry for these nics and the centos cant even bring them up via ifup as the driver has never bound itself to the card. Maybe im missing something on the hypervisor side here but im under the impression that atandard anti spoofing mac address feature shouldnt apply here since libvirt is unaware of the existence or the card. Or is it? Thsnks

Alright, I figured out the issue. I was too stupid to notice but the issue was that my lovely host hypervisor routing table did not know what interface to use to connect to 172.16.2.0/24 subnet. So my solution was: ip route add 172.16.2.0/24 via 172.16.1.1 and it worked. SSH, ICMP everything. My host hypervisor (172.16.1.2) was able to connect to the ArchLinux server running in a vm internal network (172.16.2.2). Thanks @johnpoz for replying. This was pretty educational actually :)

No help, just confirmation that this occurs to more people. I am running pfSense in a virtual environment. When it works, it works. But randomly pfSense will block any incoming/outgoing traffic without clear warning. A reboot is the quickest method to resolve it. logs: Apparent moment of the latest stop: Jul 19 06:00:00 [] /usr/sbin/cron[15210]: (root) CMD (/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> /var/log/pfblockerng/pfblockerng.log 2>&1) Jul 19 06:00:00 [] /usr/sbin/cron[15542]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc) Jul 19 06:00:00 [] /usr/sbin/cron[15454]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot) Jul 19 06:00:00 [] /usr/sbin/cron[15701]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout) Jul 19 06:00:00 [] /usr/sbin/cron[15889]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout) Jul 19 06:00:00 [] php: [pfBlockerNG] Starting cron process. Jul 19 06:00:00 [] php: [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload [IPs sensored.] Network traffic after this moment seems blocked, strangely logs are still going after this moment. Also web interface is reachable, host machine is fine. Anyone some clues how to get more things logged?

@blackpaw29 The Proxmox machine is a server. It's never a good idea to have a dynamic IP on a server, of course. The Proxmox host machine should have a static IP in the LAN where also your management PC has an IP. So there's no need to have the virtualized firewall up and working to get access to the host machine.

@gjaltemba thx for your response. I finally solve it, i'm using this script: #!/bin/bash Setup network namespace with veth pair, start xterm in it nsterm ns0 veth0 10.0.0 yellow 24 if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" 1>&2 exit 1 fi NS=${1:-ns0} DEV=${2:-veth0} DEV_A=${DEV}a DEV_B=${DEV}b ADDR=${3-:10.0.0} ADDR_A=${ADDR}.254 ADDR_B=${ADDR}.1 MASK=${5:-24} COL=${4:-yellow} echo ns=$NS dev=$DEV col=$COL mask=$MASK ip netns add $NS ip link add $DEV_A type veth peer name $DEV_B netns $NS ip addr add $ADDR_A/$MASK dev $DEV_A ip link set ${DEV}a up ip netns exec $NS ip addr add $ADDR_B/$MASK dev $DEV_B ip netns exec $NS ip link set ${DEV}b up ip netns exec $NS ip route add default via $ADDR_A dev $DEV_B ip netns exec $NS su -c "xterm -bg $COL &" USER When i do "dhclient veth0a" i receive ip address from pfsense, and i can finally route all traffic throught pfsense

Hi! how did yoi fixed this? I'm facing the same problem. Thanks

@stephenw10 yes im really sure about that, i can ping from my windows machine to 192.168.1.1 (lan interface virtual). I dont configure any routing or port forwards just add a firewall rule to allow all traffic in all interface (wan and lan) yes Pfsense are respondig. were i can find that state table?

@Derelict can you help me please