Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    VMware Server 1.0.4 / pfSense 1.2 RC2 –- pfsense cannot connect to WAN

    Scheduled Pinned Locked Moved
    Virtualization
    2
    4
    8.7k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      theanomaly
      last edited by

      pfsense: running as a VM in VMware Server 1.0.4

      NICs:

      • WAN interface is set to VMware's Default Bridged, DHCP client
      • LAN interface is set to a separate VMware network (host only)

      Issue: pfsense, nor any of the other systems behind it (set up as NAT) can connect to the web whatsoever. Trying to connect to the available package list using the webgui for pfsense gives the  "cannot connect to pfsense.com, check gateway / dns / etc" error.

      Details

      • pfsense VM picks up appropriate information on WAN via DHCP, and webgui interface status window shows that it is getting a proper IP, within the right subnet, and the right gateway / dns IPs
      • another VM, running Windows 2000, is set to the same Default Bridged config as the pfsense WAN interface, and picks up the correct info across the board as well; further, it can browse the web just fine
      • only difference in IP configuration between Win2K VM and pfsense VM is a different host IP from DHCP… they are getting all other settings from DHCP and they are identical on both (gw, dhcp, dns, etc)
      • setting pfsense's WAN interface to static IP in the appropriate range instead of DHCP, and manually entering appropriate IP info for gw and dns, does not resolve the issue
      • Win2K VM can ping the DHCP provider, and can ping the physical host box as well; as mentioned, it can browse the web fine
      • cannot ping the pfsense WAN IP from any machine on the subnet
      • pfsense cannot ping any other machine on the WAN's subnet whether by IP or by DNS name, nor can it ping the IP from which it says it is receiving its DHCP info(?!?)
      • issue does not lie with host machine IP stack or network config, and disabling all but for VMware Bridging protocol on the host machine's adapter does not resolve the issue
      • Host machine is Win XP Pro SP2, with all patches installed, and firewall has been enabled/disabled without changing anything whatsoever.

      There looks to be connectivity between the pfsense VM and the dhcp provider, but it... Just. Won't. Work.

      I'm going to see if traffic analysis reveals anything, but if there any other thoughts, I'd appreciate the input. If any part of what is above is unclear, let me know and I will rephrase.

      Ran a forum search first, as well as a review of the documented VMware pfsense install guide (which I followed without difficulty, only difference is I am using Server 1.0.4 and not Workstation as the demo showed).

      1 Reply Last reply Reply Quote 0
      • T
        theanomaly
        last edited by

        Update (results of traffic analysis)

        Ping attempts from the pfsense VM to the IP of the DHCP provider do not come back, as mentioned before. Traffic monitoring shows that each ping attempt, the pfsense install sends an ARP request for the destination of the ping, but never gets a response. As a result, all pings fail. (using Ethereal 0.99.3 to monitor)

        I'll look and see what ARP-related options there are within pfsense…

        1 Reply Last reply Reply Quote 0
        • T
          theanomaly
          last edited by

          Update (traffic analysis / possible workaround)

          I was incorrect in my earlier traffic analysis, there are ARP responses being sent to pfsense but pfsense is not accepting them for whatever reason. The number of ARP responses is equal to the number of ARP requests and contains the appropriate information.

          Manually specifying ARP information via cli does not resolve the issue.

          I recreated the VM using 1.0.1 and it worked fine, as did 1.0RC1. I will try again with this release of 1.2 again at some point as I'd rather have the latest version.

          1 Reply Last reply Reply Quote 0
          • M
            metalo
            last edited by

            Why do you have your VM win2k box on the WAN side.  The WAN side should only be dedicated to your cable modem or adls modem.  All other systems should be on the LAN side.

            Details

            • pfsense VM picks up appropriate information on WAN via DHCP, and webgui interface status window shows that it is getting a proper IP, within the right subnet, and the right gateway / dns IPs

            The above sounds good.  My pfsense does this as well.

            • another VM, running Windows 2000, is set to the same Default Bridged config as the pfsense WAN interface, and picks up the correct info across the board as well; further, it can browse the web just fine

            Why do you have this on the WAN, the only thing on the WAN side should be pfsense especially if you're connecting a cable modem or dsl modem.  Are you setting up some sort of DMZ area?  Do you have another router infront of pfsense?

            • only difference in IP configuration between Win2K VM and pfsense VM is a different host IP from DHCP… they are getting all other settings from DHCP and they are identical on both (gw, dhcp, dns, etc)
            • setting pfsense's WAN interface to static IP in the appropriate range instead of DHCP, and manually entering appropriate IP info for gw and dns, does not resolve the issue
            • Win2K VM can ping the DHCP provider, and can ping the physical host box as well; as mentioned, it can browse the web fine
            • cannot ping the pfsense WAN IP from any machine on the subnet
            • pfsense cannot ping any other machine on the WAN's subnet whether by IP or by DNS name, nor can it ping the IP from which it says it is receiving its DHCP info(?!?)
            • issue does not lie with host machine IP stack or network config, and disabling all but for VMware Bridging protocol on the host machine's adapter does not resolve the issue
            • Host machine is Win XP Pro SP2, with all patches installed, and firewall has been enabled/disabled without changing anything whatsoever.

            Here is my setup, kind of like yours but I don't use Win2k VM..

            I have a Host Machine 2 NIC's
            1 WAN ---> Cable Modem only
            1 LAN ----> GigE Switch ----> Internal Network Client Machines

            I have 2 VM's
            1 VM pfsense, configured with 2 Virtual NIC's, that Map to Physical WAN, and Physical LAN.
            1 VM Debian configured with 1 Virtual NIC Mapped to Physical LAN

            I never use host-only or NAT (Ok I use NAT if im going to patch a new build.)

            LAN is like vmnet2 which I point to my Physical Broadcomm GigE Nic in windows
            WAN is bridged vmnet0 which points to my Physical Broadcomm Ethernet Nic in windows.

            LAN 192.168.1.x
            WAN is received from cable modem.

            Now on my Windows HOST system, I statically IP my Ethernet NIC to 1.1.1.1 so it doesn't DHCP to the cable modem.
            I IPed on my HOST on the GigE interface 192.168.1.10, and from there I can ping 192.168.1.1 my pfsense VM.  Sweet.
            My Debian box is mapped to the LAN interface which is the GigE NIC on the host system.  I can ping 192.168.1.255 -b and I see everything, or nmap -n -T5 -sP 192.168.1.0/24.

            I'm not sure if this helps but I hate seeing a message out there with no response, especially when I'm kind of doing the same thing I guess.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post