What software are you using? Right now, for all of my pfSense boxes are running in KVM virtualization. http://www.linux-kvm.org/page/Main_Page But on client's site I also manage VMWare ESXi. I've also tested Citrix XenServer, Proxmox and few other platforms.. Right now, I'm going to learn something about Open vSwitch, http://openvswitch.org/ which I belive can support LACP for VMs, VLANs and other advanced network features.. I'm also interested in DRBD as HA solution for KVM http://www.drbd.org/ and Intel Vt-d / IOMMU as solution to attach physical NICs to the VM. I'm sorry to say this, but I don't read books :( recently only one. I'm testing, testing, testing.. just check in practice.

Have you read this thread? http://forum.pfsense.org/index.php/topic,36562.0.html Clean Install with pfsense 2.0 using transparent firewall

I actually fixed it and got it working. Turns out I had to configure the WAN interface on the host side. My /etc/network/interaces file now looks like this: # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 0.0.0.0 auto eth0:1 iface eth0:1 inet static address 192.168.0.2 netmask 255.255.255.0 gateway 192.168.0.1 dns-nameservers 192.168.0.1 # The WAN interface auto eth1 iface eth1 inet static address 0.0.0.0

ok. I have: Reboot VM added a second interface by VM assigned a new LAN IP Vm tools is also unmanaged. S.

I've accidentally destroyed ESX 4.0 networking on single host after connecting all available 8-cables (2 x Quad Gigabit network cards) to single switch. I did nothing more than plugging all cables to single switch. Worked on 5 hosts. Didn't worked on 1 host. Don't know why it was responding on one part of company (ICMP ok), and was unreachable on other part (ICMP unreachable). I think this was a driver failure in ESX, since I was able to get all 8-port working in LACP mode under LiveCD Linux distro. I had to reinstall ESX to ESXi 4.0 then it worked with all 8-ports used with link aggregation mode IP hash. Hope this helps someone one day. [image: esx-teaming.png] [image: esx-teaming.png_thumb] [image: esx-nics.png] [image: esx-nics.png_thumb]

Ive had some stability issues since updating to 2.0.1 on AMD architecture. Prior to this my WMware+Pfsense setup worked flawlessly. Since the update after a couple of days of uptime it starts acting up (can't access various pages of the webgui, ssh goes down, WAN goes down but WAN2 stays up, all sorts of odd behaviour). After a reboot things clear up for a few days then rinse and repeat. I found another PFsense thread by someone with a similar problem: http://forum.pfsense.org/index.php?action=printpage;topic=47354.0 I tried to fix located here: http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards - but whoever wrote the fix in the wiki was mistake, you cannot do as he suggests and set "hw.em.num_queues=1" Any ideas? Should I just go back to 2.0 or should I perhaps try one of the new experimental builds? The funny thing is that I can generally fix the problem even when I'm not home by remoting into the Windows 7 Machine through WAN2 and rebooting the VM. However, I would much rather just see it work all the time.

Here my vmware configuration [image: Cattura.JPG] [image: Cattura.JPG_thumb]

Lots of things to check here: http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting But first stop would be the firewall logs, then checking the state table to see if it shows up, some packet captures, etc… Only so many things to go wrong with a port forward.

It wouldn't be a security risk, but the OS itself will just not see it until you reboot. Those types of NICs are only probed at bootup and wouldn't show up if added while the VM was running. In some cases, adding hardware like that could potentially panic the OS. That isn't the case with dynamic hardware (USB, cardbus, etc) but those are special cases and not something you'd want to use for NICs, especially in a VM. I don't think freebsd even has expresscard hotplug support. So, long story short, it's best to power off the VM, add the NIC, then boot it back up. Or use VLANs, but in ESX it's generally best to use virtual NICs/vswitches rather than VLANs.

@jimp: We have a ton of people running 2.0.1 in ESX in production even with tools without issues. Also 2.0.1 wouldn't have left you at a "db>" prompt like in that screenshot. I have to wonder if it actually upgraded or if there is some other issue going on there. There are no major differences in the binaries between 2.0 and 2.0.1, the underlying OS version did not change. Thanks for the response and sorry for my late reply. I will soon try another upgrade.  This time I might build a new one from 2.0.1 source and put the config into it. Cheers Jon

I just setup Xen and my file transfer speeds over LAN range from 70-130MBps with an average above 80, which doesn't sound much different from ESXi reports here. I tried a passed through NIC with near-identical performance (80-115 MBps with an average of 90).  I don't see enough of a difference to justify passthrough, but I haven't tested long term stability yet so maybe there is more to it. I am using consumer hardware, so my biggest problem with ESXi was the lack of drivers, I had two boards with Broadcom chipsets that weren't supported without modifying the install CD.

I'll tell you right now what your problem is.  Having your management share with your LAN over the same NIC is causing the issues.  Without going into great detail, essentially there is a lot of broadcasting that is occuring over that same link.  You need to separate those two (have your management on its own subnet) and you will see a great increase in performance).

Awesome videos, thank you very much for sharing. I never learned how to use the commands to configure the router, that will probably help me a great deal in the future.

Hi, you must use the e1000 nics in proxmox. Runs here without trouble. Pfsense used 6 nics with the e1000 drivers, uptime are 70 days, transfered more then 150 GB over alle nics, without one collision. Regards, valle

I have a workaround uploaded that may be useful.  It cycles the interfaces both at boot and every time they are reconfigured.  I think they were already brought down once in the original interface reconfigure code anyway, but this workaround brings the interface up before bringing it down, which I think helps when the link had gone down. Instructions here: https://github.com/efonne/pfsense/wiki

Are these options required for all pfsense on Xenserver installations, or is this specific to AMD systems?  This page on installing pfsense on Hyper-v says to use these same options, claiming: Apparently FreeBSD 8 has a problem with AMD 64 processors which prevents them from booting in virtual environments. A workaround is to choose option 7 "Escape to loader prompt" … And it appears from this page that everyone that was having issues had an AMD system. I'm completely new to pfsense and VMs, but I'm trying to dive in and figure it out.  I'm on an Intel system, so I'm just wondering if this is something I need to (or even should) do. Thanks!

Is there a particular reason you passthrough the Intel ET card to pfSense rather than letting ESXI virtualize the WANs? It may be worth a try.

Thx :)

@jms703: I've installed PFSense 2.0.1 on a new Xenserver 6.0 install. The NICs are showing up in PFSense as RealTek NICs, but I have Intel NICs. How do I get PFSense to use the REAL Intel NICS? Enabling e1000 Gigabit device emulation in Citrix XenServer - http://www.netservers.co.uk/articles/open-source-howtos/citrix_e1000_gigabit