Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port forwarding not working when running as VM - hours spent on this

    Scheduled Pinned Locked Moved
    Firewalling
    1
    2
    266
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      suchamoneypit
      last edited by suchamoneypit

      This could either fit as a port forward/firewall issue or a virtualization issue, but the VM category had questions far different so Im putting it here.

      pfSense latest version, updated it to latest like 2 weeks ago.
      Running as VM on unRaid server, pfSense has two dedicated port off a 2 port 2.5GBps NIC. unRaid runs off motherboard ethernet connected to a switch which connects to the OPNsense LAN port. My unRaid server is 10.0.1.100.

      port forwarding woes with PFsense. I tried OPNsense too. Valheim game server running as docker container (and using unraid ethernet port on the motherboard). pfSense running as VM on its own network card ethernet ports. If I connect unraid to my dedicated xfinity router, with pfSense ruled out, port forwarding works fine. If I connect it to my OPNsense VM with port forwarding, I see friends traffic show up on the firewall logs, but they cant connect. They get a failure to connect error. I think this is likely something related to the fact my router is running virtualized, as this is the only element changed. But we are talking different ethernet ports and IP addresses entirely on my server. This has had me stumped for weeks.

      I have a friend running PFsense, I tried PFsense with identical settings to him, except he is bare metal and im a VM. For some reason his works fine and players can never connect to my server.

      Imgur album w/ descriptions (individual links below). Some images are pulled from my OPNsense attempt but I've tried everything I've done on both OPNsense and pfSense, the settings within fill in identically on pfSense and I see the same results in firewall logs on both. https://imgur.com/a/RBPC3Hq

      firewall logs when friend tries to connect to valheim server. Traffic does reach my network.
      https://imgur.com/6knt1jI

      firewall port forward rule
      https://imgur.com/7zfV36a

      Valheim server docker container from unRaid
      https://imgur.com/hmK5UoT

      unRaid ethernet interfaces on 2 port NIC setup for VMs, bridging
      https://imgur.com/eYRQpS2

      unRaid VM settings, network interfaces setup with bridge 1 and 2
      https://imgur.com/kZnsV57

      The firewall rules seem correct and match my friends working one and what online guides say. I know my game server is working fine. When port forwarding with the xfinity router, it works fine. People connect to the issue without issue. Nothing gets through to the game server when using VM OPNsense of pfSense even though I see entries in my firewall log.

      Does anyone have any ideas whats going on here? Spent so many hours troubleshooting this over weeks now.

      S 1 Reply Last reply Reply Quote 0
      • S
        suchamoneypit @suchamoneypit
        last edited by

        I found my solution. The problem was virtualization specific. I was passing through my ethernet adapter via bridging on Unraid . Although the VM had sole access to the ethernet, this was breaking port forwarding due to some deeper technical stuff I cannot explain. Long story sort, switching to PCI passthrough fixed this. Enabling Multi-Function PCIe ACS override, binding the ethernet card to VFIO at bootup, and then assigning the VM the PCI devices directly in the VM settings resolved this.

        Another note, after hours of work, I could NOT get a Realtek RTL8125 based ethernet card working. PCI passthrough would entirely fail, and using bridging with Unraid resulted in WAN working but the LAN port failing to operate at all. That ethernet card not working was a massive part in this taking me forever to troubleshoot. Everything is working great and with the preferred method of PCI passthrough with an Intel I225 based ethernet card. If I had started with the I225 card instead of trying to save some money with the RTL8125 I would have saved myself some serious effort. Lesson learnt.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post