Lots of things to check here:
http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

But first stop would be the firewall logs, then checking the state table to see if it shows up, some packet captures, etc… Only so many things to go wrong with a port forward.

It wouldn't be a security risk, but the OS itself will just not see it until you reboot. Those types of NICs are only probed at bootup and wouldn't show up if added while the VM was running. In some cases, adding hardware like that could potentially panic the OS.

That isn't the case with dynamic hardware (USB, cardbus, etc) but those are special cases and not something you'd want to use for NICs, especially in a VM.

I don't think freebsd even has expresscard hotplug support.

So, long story short, it's best to power off the VM, add the NIC, then boot it back up.

Or use VLANs, but in ESX it's generally best to use virtual NICs/vswitches rather than VLANs.

@jimp:

We have a ton of people running 2.0.1 in ESX in production even with tools without issues.

Also 2.0.1 wouldn't have left you at a "db>" prompt like in that screenshot. I have to wonder if it actually upgraded or if there is some other issue going on there.

There are no major differences in the binaries between 2.0 and 2.0.1, the underlying OS version did not change.

Thanks for the response and sorry for my late reply.

I will soon try another upgrade.  This time I might build a new one from 2.0.1 source and put the config into it.

Cheers
Jon

I just setup Xen and my file transfer speeds over LAN range from 70-130MBps with an average above 80, which doesn't sound much different from ESXi reports here.

I tried a passed through NIC with near-identical performance (80-115 MBps with an average of 90).  I don't see enough of a difference to justify passthrough, but I haven't tested long term stability yet so maybe there is more to it.

I am using consumer hardware, so my biggest problem with ESXi was the lack of drivers, I had two boards with Broadcom chipsets that weren't supported without modifying the install CD.

I'll tell you right now what your problem is.  Having your management share with your LAN over the same NIC is causing the issues.  Without going into great detail, essentially there is a lot of broadcasting that is occuring over that same link.  You need to separate those two (have your management on its own subnet) and you will see a great increase in performance).

Awesome videos, thank you very much for sharing.

I never learned how to use the commands to configure the router, that will probably help me a great deal in the future.

Hi, you must use the e1000 nics in proxmox. Runs here without trouble.
Pfsense used 6 nics with the e1000 drivers, uptime are 70 days, transfered more then 150 GB over alle nics, without one collision.

Regards, valle

I have a workaround uploaded that may be useful.  It cycles the interfaces both at boot and every time they are reconfigured.  I think they were already brought down once in the original interface reconfigure code anyway, but this workaround brings the interface up before bringing it down, which I think helps when the link had gone down.
Instructions here: https://github.com/efonne/pfsense/wiki

Are these options required for all pfsense on Xenserver installations, or is this specific to AMD systems?  This page on installing pfsense on Hyper-v says to use these same options, claiming:

Apparently FreeBSD 8 has a problem with AMD 64 processors which prevents them from booting in virtual environments. A workaround is to choose option 7 "Escape to loader prompt" …

And it appears from this page that everyone that was having issues had an AMD system.

I'm completely new to pfsense and VMs, but I'm trying to dive in and figure it out.  I'm on an Intel system, so I'm just wondering if this is something I need to (or even should) do.

Thanks!

Is there a particular reason you passthrough the Intel ET card to pfSense rather than letting ESXI virtualize the WANs?

It may be worth a try.

Thx :)

@jms703:

I've installed PFSense 2.0.1 on a new Xenserver 6.0 install. The NICs are showing up in PFSense as RealTek NICs, but I have Intel NICs. How do I get PFSense to use the REAL Intel NICS?

Enabling e1000 Gigabit device emulation in Citrix XenServer - http://www.netservers.co.uk/articles/open-source-howtos/citrix_e1000_gigabit

Did I post this in the wrong section?

Any info would be appreciated. Even a link to where to read up on this. I am already checking proxmox site.

@stephenw10:

GRE is the protocol used by PPTP to send ppp packets. If your firewall is blocking that it would explain a lot.

Steve

yep it would, but it did not set any fw rules at all, on lan there is the default any pass rule, and on wan there are the default private bogon blocks.
i also noticed that the gre entry in the fw log says interface em1 which is the wan nic. other entrys say wan as interface.

Just for update.
I'm successfully running pfSense in KVM on HP Proliant ML110 G5 even on CPU without of support of Intel® Virtualization Technology (VT-x) and with 1GB RAM only, seriously.
It has Intel Pentium E2160 http://ark.intel.com/products/29739/Intel-Pentium-Processor-E2160-(1M-Cache-1_80-GHz-800-MHz-FSB) processor. I had some problems to even start BSD VM on that, however..
.. changing emulator from:

<emulator>/usr/bin/kvm</emulator>

to:

<emulator>/usr/bin/qemu</emulator>

did the job.
Performance impact is noticeable, however it still can shape 10Mbit link.
On KVM emulator there was Kernel Panics on VM start and 100% CPU usage problem.
On Qemu no problem.
The router uptime is:

uptime.png
uptime.png_thumb

once you switch hardware, whether it's virtual to virtual, physical to physical, physical to virtual, etc. anything that changes the MAC, you must have your upstream ARP cache cleared. Where that resides depends, many times it's a router or modem on your side that you just have to reboot. At times it's a router on the ISP's side where you must contact them to have it cleared.

I am able to saturate 1Gbps In and 1Gbps Out with LAN routing in pfSense on two NICs that are shared with 2 other VMs using the emulated E1000 drivers on pfSense and VMXNET 3 on the other VMs. The 1Gbps IO is just the pfSense traffic.

Hi Jhonpoz,
thank you for your reply, I've done a work like this, because i'm doing a work for a degree, so the university assigned me a PC with CentOS like OS…So I had to install workstation and work like virtual on virtual for biuld up an infrastructure for testing VM ware view...But now i've almost finished, i will talk about my work on 23th April, so i can't destroy anything and use  ESXi directly on the hardware now, I've almost finished, the only thing left me to do is to set up the firewall for my infrastructure, because I will connect to this LAN with a satellite web connection...
Maybe now u can understend my work.... ;) ;)