Pfsense i386 , 2.1 virtio , 3 NIC so far .
-
Hi Pfsense…
I'm now up running on PfSense with the Virtio Net Drivers as my
main firewall.
The Virtio Drivers is the best thing happen for us using virtualization
on linux KVM.
The Speed is way better. Have made some very sick test yesterday with
a lot of torrent stuff , just to see how it perform and i'm impressed.I have these packages installed.
darkstat ,squid ,squidGuard ,snort and they works fine.
But , I have a very strange problem.
I have the exact same firewall rules from the 2.01 ,
but the HOST "bare metal" can only ping , wget The Internet nothing
else.. All my KVM and Openvz no problem.When i try to connect from the outside WAN in , I can access
all my KVM , OPENVZ but not the HOST.So i altered on of my working firewall-rules to redirect from a
KVM to the HOSTS (hangs). When i altered it back it works.Setup :
Host : Proxmox 2.2 - newest.
HOST ip : 192.168.2.90
3 bridges interface
LAN : 192.168.2.41
WAN : 192.168.1.41
DMZ : 192.168.3.41SSH from LAN 192.168.2.x to HOST (Fine).
SSH from DMZ to HOST (Fails).
SSH from DMZ to not HOST (works).
SSH from WAN to HOST (Fails).
SSH from WAN to not HOST (works).
SSH from HOST to WAN (fails).And of course the newest 2.1Beta version.
I'm confused... And Again when i switch back to 2.01 , no
problems at all.../Best Michael
-
Hi Again.
Am I the only one here using KVM + virtio ???
When changing virtio to e1000 , everything works as expected…
/Best Michael
-
cmb merged a virtio update - pfSense will likely then contain more recent virtio drivers from 8-STABLE.
I hope I didn't mess up anything - care to tests snapshots?
(I'd say starting november 22/23rd I guess) -
I took a snapshot from 22th, the virtio modules all are loadable inside a KVM box (only basic Ubuntu precise with virt-manager)
For installing on virtio-only environment, including virtio block device you'll want to check this out, it's still applying:
http://doc.pfsense.org/index.php/VirtIO_Driver_SupportWould be interesting to know if it makes a difference for you now with these modules.
-
I've been trying to get this to work for awhile before figuring out that this was my issue. I'm using November 23rd's snapshot. e1000 drivers work fine. When I switch it to virtio NAT fails to work. It will work again when I switch it back to e1000. the virtio_blk and virtio_balloon drivers appear to work fine.
-
I was able to load the Virtio drivers, but on new installs I can't at the moment.
I was also not able to generate traffic on my previous configured Virtio Nic… so I wonder what goes wrong here.
-
Just to not be the only bad voice ;-)
Fresh installs with snaps from 22 and 24th in both VirtualBox and KVM have loadable and save-able virtio modules here.
Still not sure if I can simulate the networking inside a local environment to confirm that there are regressions otherwise. -
As conclusion from my side:
- FreeBSD VM and pfSense LAN devices (virtio) connected to an isolated virbr on Debian Squeeze
- WAN device on pfSense is an e1000
NAT works this way quite well :-)
NAT works so far. I've had some whacky results with virtio_blk however, not sure if that's a local issue but
for pfSense if_vtnet is likely the most interesting part. -
Just to confirm in the beginning (a couple of weeks ago) the only way i could get NAT working was using the virtio for WAN and e1000 for LAN
it seems this is/has been fixed as of lately could this have to do with hardware checksums as i have read the post below and adjusted the offload setting and a couple of reboots later i have 2 virtio interfaces WORKING now even for NAThttp://forum.pfsense.org/index.php/topic,50128.msg340321.html#msg340321
Should this option always be disabled when using virtio interfaces anyway??