Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Stupid problem - NAT not working just after default installation - RESOLVED

    Scheduled Pinned Locked Moved NAT
    3 Posts 2 Posters 816 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      artmit
      last edited by

      Hello,
      I have spent a lot of time trying to setup pfSense in Proxmox VE, it seemed to be simple task, but it is not unfortunately…
      pfSense run as the simplest virtual machine. Installation went smoothly, after all those hours I at least know what not work, but I cannot find any solution for that.
      I applied all customizations which I found - I turned off TX Offload (in pfSense and in Proxmox host), disabled rp_filter in Proxmox, tried to set set up LAN and WAN as VLANs on single NIC, on different NICs, tried to set LAN & WAN without VLANs, just on bridge to eth, result is always the same. I also tried to make manual NAT rules in pfSense, without success.
      Ping from shell or webconfigurator using default or WAN interface works as expected. It is seen on external machine with pfSense external IP address.
      Ping from machine in LAN to pfSense LAN - of course works.
      Ping from chine in LAN to pfSense WAN - also works.
      Ping from LAN (machine connected to LAN interface or from webconfigurator using LAN output interface) does not reply, that is seen with internal (LAN) address, so my conclusion is that pfSense does not do NAT.
      See attachments, I have rules for NAT, rules for outbound traffic from LAN set up - those are default after clean installation. IP Legend:
      10.1.103.101 - host connected to pfSense LAN (via vmbr in Proxmox)
      10.1.103.251 - pfSense LAN
      xx.yy.zz.253 - pfSense WAN
      xx.yy.zz.250 - another machine in xx.yy.zz subnet, where I run iptraf to check ICMP traffic.

      Maybe someone has a solution for that or comes into same problem?

      Many thanks,
      Artur
      ping_wo_nat.PNG
      ping_wo_nat.PNG_thumb
      outbound_nat_settings.PNG
      outbound_nat_settings.PNG_thumb

      1 Reply Last reply Reply Quote 0
      • A
        artmit
        last edited by

        I finally find out the solution  ::)
        After hours I checked eventually that I had turned off virtualization in test machine I used - it seems that not everything working with this turned off. When virtualization in BIOS was set to off NAT does not work, with virtualization On - it works without problems.
        Strange for me, but true.
        Best,
        Artur

        1 Reply Last reply Reply Quote 0
        • KOMK
          KOM
          last edited by

          Weird.  Most modern hypervisors will complain loudly if the virtualization extensions aren't enabled.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.