NAT port forward fails the first time
-
Well here is the thing.. Freebsd 10.1 was not added until 5.5u2 – so why would you expect it to function properly. Until you move to 5.5u2 your going to have to use an older version of pfsense..
edit: this was directed at rachingralph - but seems that post is gone about following kb from vmware, etc.
-
Until you move to 5.5u2 your going to have to use an older version of pfsense..
OK - Updated to ESXi 5.5u2 today. Works like a charm.. :P Reduced pfsense memory to 512kB and removed 2nd vCPU. Could reproduce the firewall block symptome.. >:(
But the I added a 2nd vCPU (and let the 512kB RAM as it was) and with these settings I am not able to reproduce the problem.
How many cores das your virtual pfsense machine have?
-
My vm has 2 cores, and 512MB of ram – yeah I would think it wouldn't even boot with 512KB of ram ;)
So did you do a clean install when you changed from 2 cpu to 1? Not sure how freebsd handles having 2 cpus and then booting and only seeing 1, etc.
Is this with or without open tools? Using vmx3 or e1000 ?
-
My vm has 2 cores, and 512MB of ram – yeah I would think it wouldn't even boot with 512KB of ram ;)
So did you do a clean install when you changed from 2 cpu to 1? Not sure how freebsd handles having 2 cpus and then booting and only seeing 1, etc.
Is this with or without open tools? Using vmx3 or e1000 ?
oh yes.. of course 'MB's. :)
Didnt do a clean install - but that shouldnt be a problen - can do that tomorrow, pfsense is very flexible in that aspect, with the config.xml backup/restore mechanism. According to the FreeBSD book the amd64 kernel is compatible with most Xeon cpus (https://www.freebsd.org/doc/handbook/bsdinstall-hardware.html). But since not many cpus with only 1 socket/core exist anymore, it makes sense that a multicore cpu is expected by the system. (in my case: http://en.wikipedia.org/wiki/List_of_Intel_Xeon_microprocessors#.22Yorkfield-CL.22_.2845_nm.29)
It is with open tools and vmxnet3.
-
I have the same EXACT ISSUE as RacingRalph.
Did you check the number of vCPUs in your ESXi setup for pfsense?
-
Not accusing anyone of anything ;)
This is why you shouldn't mix up thread unless they are the same.. If your running current 5.5, and he is running 4.1 and VB sorry but those are different.. Let me relook over the thread. Tell you I have current 5.5 with opentools pfsense 64bit, only 512 with 2 cpu and have seen no issues create nats, changing firewall rules, etc. etc.
edit:
Ok yeah he really took over your thread filling it with stuff that has nothing do with yours - I got confused, sorry.You really have provided little detail.. So looking over do you have 32 bit or 64 bit, why are you running e1000? Have you tried it with vmx3 native? Before and after you install the open tools.. What other packages do you have installed if any? What build of esxi, 10.1 I do believe needs at min update 2.. I am on 5.5.0 build 2456374
yeah sure looks like you need update 2, this is when they added freebsd 10.1 support.
Well here is the thing.. Freebsd 10.1 was not added until 5.5u2 – so why would you expect it to function properly. Until you move to 5.5u2 your going to have to use an older version of pfsense..
edit: this was directed at rachingralph - but seems that post is gone about following kb from vmware, etc.
I have a 64bit pfsense 2.2. I'm using e1000 because it is the default and I didn't think it would give me any problems. Is it problematic? Haven't tried vmx3 native yet. And I only applied NAT port forwards after installing open tools so I haven't tested that yet. No packages installed other than open tools. I'm on 5.5.0 1331820.
Oh ok. So since pfsense is Freebsd 10.1 based, I would have to update esxi to 5.5u2 to make sure that everything is compatible. Why didn't pfsense tell us that during installation? Lol.
-
Yeah freebsd 10.1 isn't officially supported on vmware until 5.5u2 – 1331820 that is initial release is it not? You have not applied any patches?
-
Yeah freebsd 10.1 isn't officially supported on vmware until 5.5u2 – 1331820 that is initial release is it not? You have not applied any patches?
Oh ok. I'm not the admin of our vcenter, actually. That's why I can't apply patches easily. But I'll let the admin know about that then.
Thanks.
-
I have the same EXACT ISSUE as RacingRalph.
Did you check the number of vCPUs in your ESXi setup for pfsense?
Btw, I only have one vCPU for my pfsense setup.
-
Could this be connected to this issue, which has been fixed in 2.2.1?
Fixed a bug where applying NAT changes in Hyper-V could break the running NAT configuration. #4445
https://redmine.pfsense.org/issues/4445
