Pfsense 2.2.2 in esx arp issues.
-
Hello All.
I will try and include as much details as possible but I still can not wrap my head around the problem.
I am trying to use PFSense 2.2.2 in a Vmware environemnt to separate a Vlan from the rest of the network.
I have two Vlans trunked up to the ESX host to two distributed switches.
Then in pfsense I have two interfaces one on each Distributed switch.
This is a very basic setup and I have done this setup on a smaller scale at home.
Nating is disabled and I have two any any rules configured just for testing.
The problem: When pinging from a host in the wan (host a) to a laptop connected inside the lan (host b) Using wireshark I can see the ping requests make it to host B but host B then sends arp requests over and over again trying to find the .1 (pfsense lan ip)
Once Promiscuous mode is enabled on both the Virtual switch and PFsense everything works appropriately.
-
Gateway IP a CARP IP? Then that's the expected result. If it's not, then you have some kind of VMware problem. Well, either way it's a VMware problem, just one would be expected because of how its vswitches function.
-
Did you bridged the two interfaces in pfSense? I remember having some issues with bridged interface in ESX. We need to use promiscuos mode to get things going.
-
Similar situation for bridging, for the same reason with the vswitches.
-
This is not bridged and no Carp.
Leaning towards Vmware even more now.
if I turn promisc off on everything and set a static Arp on host B It works as expected again.
Now to find out why arp is working between vmware and cisco.
Thank you all.
-
I don't have any issues with arping, my vswitches are not in promisc mode.. Multiple segments and one connection that is a trunked to the vswitch.
What are you running for esxi? I agree this sure has nothing to do with pfsense.
-
Using Vmware ESXi 5.5.
My setup is similar to yours except the Vswitch is setup for a single vlan rather than all of them like yours.
Time to bother the cisco guys…
-
you are using u2 of 5.5 I assume - freebsd 10.1 is not supported until u2 of 5.5
So you have multiple port groups on the same vswitch with different vlans on them?
-
Sorry not the best with Vmware. here is the setup. I think I blocked out the un-needed goods.
-
how is that suppose to work exactly where is the gateway for your different machines say on vlan 330? Something has to route the vlans. You have that vm on 1012 that is called firewall? But its only on 1 vlan?
Is your router virtual? What is doing the layer 3 between the vlans - and what is your physical connection of those 8 interfaces to your phyical switches setup? Just trunk with all of those vlans?
-
Just switched back to e1000 interfaces from vmxnet 3 interfaces and now pfsense is seeing broadcasts including arps.
