Handle all traffic from within virtual environment
-
He appears to have a WAN IP but no LAN IP. According to your KVM output (and remember I'm new to KVM), it appears that you have the second NIC piped to a dummynet private LAN, and it isn't linked to ETH1 with a LAN IP address. You need the pfSense LAN IP address to be something that is reachable from your desktop so that you can get at the GUI. That means it has to be on the same subnet.
-
It seems like that install was all borked, so I reset to factory defaults and tried again. I didn't get a single error message, and this is what ifconfig looks like now:
This looks like progress, but I still can't ping out from (or in to) pfSense. However, other VMs on the network are now able to lease a local IP through DHCP, so I'm getting somewhere.I can also get to the webConfigurator page now, although the only OS image I have loaded currently is a headless Ubuntu 14.04 image, and with no network access I can't install a graphical environment to get a browser. I'll sleep on it and see where I can get in the morning. I think this is almost there.
-
Progress is good.
-
@KOM:
Progress is good.
Indeed.
Anyway, I got a graphical environment set up in a VM and I'm able to log into the webConfigurator. Here's what that screen looks like:
I don't have an easy way to copy the full text of the crash report mentioned in that message (the machine still can't get Internet access), but here's the beginning of it:
If this looks like something that needs to be investigated further, I can get more details.In the meantime, I'm going to get in touch with the data center and see if there's possibly something on their end that's preventing me from using the IP block.
-
Can you show the screen for Interfaces - WAN?
-
-
You have your gateway set to the broadcast IP. Set it to the gateway as provided by your ISP, 192.99.198.150.
-
So I did. Whoops. Anyway, changing it to .150 hasn't changed the symptoms.
-
From the webGUI, can you go to Diagnostics - Ping and see if pfSense can ping the gateway?
-
@KOM:
From the webGUI, can you go to Diagnostics - Ping and see if pfSense can ping the gateway?
Nope. I get "ping: sendto: Host is down"
-
I'm starting to run out of ideas. I don't know KVM and I don't know Proxmox. Your ISP making you use one of your IP addresses as the gateway is strange from my perspective. Usually the gateway is outside your usable range. You can't even ping the gateway from another IP on the same subnet.
Hopefully someone else can chime in.
-
I agree it's strange. I'm still waiting to hear back from their support folks.
-
I heard back from the support folks, and they said that all 4 IPs should be usable, and gave me this link in relation to IPv4 settings..
It turns out the host requires you to use a MAC address they specify. I added that to pfSense and changed the gateway to .254 as they suggested, but I still can't get any connectivity. Here's my WAN settings now:
Also, when I try changing the address to .148/30 (to cover all 4 IPs), pfSense gives me the error "This IPv4 address is the network address and cannot be used". Does this mean the support person was incorrect when they said all 4 IPs are usable, or is this just a limitation of pfSense?
-
The MAC addy thing is not uncommon, but it would have been nice for them to let you in on the secret before you wasted hours trying to get it working.
OK, first off I would disable IP6 to reduce the complexity. From the WebGUI, can you once again go to Diagnostics - Ping and ping the gateway?
-
After much back-and-forth, it turns out the problem was… ARP tables in a router I don't control!
pfSense still wasn't happy with the fact that the gateway was outside my net range, but I was able to take care of that:
route add -net YOUR.DEDICATED.IP.254 -iface em0 route add default YOUR.DEDICATED.IP.254 route del -net YOUR.DEDICATED.IP.254 -iface em0…and now other VMs can lease IPs via DHCP from pfSense and then access the Internet through it! Amazing how much better things work when they're not broken.
Anyway, thanks so much for all the help. The root of the problem may have been out of my control, but I still picked up a few handy things from this thread.
-
It seems to be common that network problems you can't seem to resolve end up having an external factor.
