
    ESXI + pfSense + SG300 = no internet for VMs

    • V
      VirtualizingStuff
      last edited by

      Hello Everyone,

      I am new here and wanted to see if I could get some assistance. I do not have a lot of experience with networking in general which is why I am doing this. I am not able to ping pfsense LAN IP 192.168.20.1 from other VLANs which I believe is why my workstations are not able to get out on the internet. From the router I am able to ping all devices on all vlans. I have a SG300-20 in layer 3 mode with ip interfaces for each vlan.

      When I use my physical firewall all works fine but in all honesty I couldn't ping my physical router from other vlans either but things seem to work and I was able to access the internet. I don’t quite understand why.

      Physical Configuration:
      Netgear FVX538 (192.168.20.1) --> SG300 (Multiple VLANs) Layer3 --> ESXI Host vSwitches

      SG300 (Layer3 mode) switch:
      A lot of VLANs trying to simulate real life environment
      VLAN1 = Router
      VLAN10 = Home (default vlan)
      VLAN30 = Servers
      VLAN50 = VM Management
      VLAN55 = Workstations
      VLAN56 = Development
      VLAN60 = Storage
      VLAN70 = vMotion
      VLAN71 = FT

      A default route has been added to SG300 to point to 192.168.20.1 for internet.

      GE1 port on SG300 is connected to my LAN vSwitch on the host. I tried changing the port from access mode (untagged VLAN1) to trunk mode (tagging VLAN1); both have the same result.

      pfsense:
      In pfsense I added static routes back to VLAN 10, 30, 50, 55, & 56 using gateway 192.168.20.2 (SG300 VLAN1 interface). I also made sure on the LAN that there is no gateway selected as this seems to trip up a few people.

      I have attached a few screenshots in order to assist.

      Any assistance would be appreciated. Also, if you see anything that is not done correctly with regard to networking best practice, please let me know.

      Thanks
      ![ESXI vSwitch.png](/public/imported_attachments/1/ESXI vSwitch.png)
      ![SG300 Port Modes.png](/public/imported_attachments/1/SG300 Port Modes.png)
      ![pfsense Routes.png](/public/imported_attachments/1/pfsense Routes.png)

      • V
        VirtualizingStuff
        last edited by

        Here are some more screenshots.

        ![SG300 VLAN Interface Table.png](/public/imported_attachments/1/SG300 VLAN Interface Table.png)
        ![SG300 Ping Test.png](/public/imported_attachments/1/SG300 Ping Test.png)
        ![SG300 VLANs.png](/public/imported_attachments/1/SG300 VLANs.png)

        • V
          VirtualizingStuff
          last edited by

          Last set.

          Thank you in advance!  :D

          ![pfsense No Gateway for LAN set.png](/public/imported_attachments/1/pfsense No Gateway for LAN set.png)
          ![pfsense ping Internal Network test.png](/public/imported_attachments/1/pfsense ping Internal Network test.png)
          ![pfsense DNS test.png](/public/imported_attachments/1/pfsense DNS test.png)

          • V
            VirtualizingStuff
            last edited by

            I was able to successfully ping the gateway 192.168.20.1 (physical firewall) from all vlans by removing an incorrect route. I had a route on my firewall that said 192.168.20.0 traffic go through 192.168.20.2 which makes sense why I could not ping the gateway from those vlans. I will continue to troubleshoot my virtual pfsense firewall tonight.

            • V
              VirtualizingStuff
              last edited by

              I figured it out! I created an Alias called InternetforVLANs for all VLAN traffic that requires internet. After that I then created a rule to allow Any IPv4 traffic from InternetforVLANs to any destination. I have attached screenshots for those who may have a similar issue.

              Alias.png
              FirewallRule.png

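The two fixes reported in the thread (removing a static route that covered the firewall's own LAN, and allowing the routed VLAN sources through an alias-scoped rule) can be checked offline with a small model. This is an added example, not part of the original posts and not pfSense code. Only 192.168.20.1, 192.168.20.2 and the alias name come from the thread; the VLAN subnets, the /24 masks and the presence of the stock "Default allow LAN to any" rule are assumptions.

```python
import ipaddress as ip

# Constructed lab data. Only 192.168.20.2 (SG300 VLAN1 interface) and the
# 192.168.20.x LAN come from the thread; the VLAN subnets and /24 masks
# below are assumptions made for this example.
LAN_NET = ip.ip_network("192.168.20.0/24")
SWITCH_GW = ip.ip_address("192.168.20.2")
VLAN_NETS = {
    "VLAN10": ip.ip_network("192.168.10.0/24"),
    "VLAN30": ip.ip_network("192.168.30.0/24"),
    "VLAN55": ip.ip_network("192.168.55.0/24"),
}

def shadowing_routes(connected, static_routes):
    """Return static routes whose destination overlaps a directly connected net."""
    return [(dst, gw) for dst, gw in static_routes
            if any(dst.overlaps(net) for net in connected)]

def first_match(rules, src):
    """First-match evaluation of pass rules on one interface; default is block."""
    for name, sources in rules:
        if any(src in net for net in sources):
            return "pass:" + name
    return "block:default deny"

def audit_sources(rules, routed_nets):
    """Map each routed VLAN to the verdict for one sample host inside it."""
    return {vlan: first_match(rules, net.network_address + 10)
            for vlan, net in routed_nets.items()}

# Before the fix (assumed stock rule): only the LAN subnet is an allowed source.
RULES_BEFORE = [("Default allow LAN to any", [LAN_NET])]
# After the fix: the InternetforVLANs alias lists the routed subnets, so the
# rule admits exactly those sources instead of "any".
RULES_AFTER = RULES_BEFORE + [("InternetforVLANs to any", list(VLAN_NETS.values()))]

# Routes modelled on post 4: one bad route covering the LAN itself, plus the
# legitimate routes back to the VLANs via the switch.
ROUTES = [(LAN_NET, SWITCH_GW)] + [(n, SWITCH_GW) for n in VLAN_NETS.values()]

if __name__ == "__main__":
    print("shadowing:", shadowing_routes([LAN_NET], ROUTES))
    print("before:", audit_sources(RULES_BEFORE, VLAN_NETS))
    print("after: ", audit_sources(RULES_AFTER, VLAN_NETS))
```

Keeping the alias limited to the subnets that need internet access means storage, vMotion and FT networks stay blocked by the default deny.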