PfSense 2.2 not passing traffic, but ping does get through
-
I had this same problem with ProxmoVE. pfSense installed as KVM with "VirtIO" emulator which is default for KVM. WAN bride with eth0 and go out. Local bridge for LAN side of pfSense.
Installed Windows & Ubuntu with VirtIO Driver. When Windows VM was set to go through pfSense I could ping but no internet no TCP/UDP connections at all. Same scenario. After bashing my head on the wall for whole sleepless night trying to resolve this. Finally I decided to setup XenServer instead of Proxmox which runs Xen hypervisor.
Implemented the same setup in XenServer with all default settings. Windows was installed with default Realtek NIC driver. Alverything worked perfectly fine.
When I installed xe-tools which turned Realtek NIC to "Xen Paravirtualized driver" it stopped work with same results as above. When I uninstalled xe-tools it worked again.
Conclusion
From this what I can see is Paravirtualzied drives are causing this issue in both setup. VirtIO in KVM & PV in Xen. With other NIC emulators like e1000 or Realtek it works fine.I haven't found a solution to get this working with para drivers which will improve the performance.
-
I just ran into this issue too. I have been beating my brain to figure out what the issue was. Once I switched the vNICs to e1000 everything worked.
-
how to change vNICs to e1000 in xenserver 6.5
-
Hello,
I am running in the same problem just, it is not a Virtual Machine, just a normal HP server with 4 Intel NICs…I already disabled the Hardware checksum offload, and disabled "fast IP forwarding", but on one of my server (the primary) after a reboot this happens... :S
Thanks,
Michele -
facing a similar issue since few days, have read almost every thread on this topic but couldn't make it work yet..!
My network setup is as follows
ISP modem to rl0 ie wan on pfsense , lan re0 to my switch box .
everything was fine until last two days suddenly pfsense stopped giving access to the internet,, tried almost everything known but no success,, finally reconfigured the pfsense NO SUCCESS still.
mine is a static IP connection ,
I am able to ping anything and everything from the pfsense ping host using ip address aswell as the host-names, However i am not able to ping through the client using HOST-NAMES only IP address works and thats what i think is the problem,,ANY HELP would be heartily appreciated.. ! thanks in advance..
-
i am not able to ping through the client using HOST-NAMES only IP address works
Sounds like a DNS issue. Check your client DNS settings and work up from there. What is DNS for your network? pfSense?
-
Thanks for the reply KOM.
my dns addresses are as follows : pref dns; 103.29.249.245
alt dns :8.8.8.8Also if i configure the same settings in my DLINK DIR 600 ROUTER ie if i bypass the pfsense everything seems to work perfect. , my clients systems are on DHCP and refer to the pfsense LAN ip ie 192.168.0.1 as the gateway and the DNS server,
-
I had the same problem as described in op with Xen and pfSense. The first sticky post in this forum describes the problem and a workaround. In the end, I had to turn off just the checksum offload on my private network using ethtool.
IMPORTANT: Xen/KVM networking will not work on 2.2 using default hypervisor settings!
https://forum.pfsense.org/index.php?topic=88467.0 -
I had this same problem with ProxmoVE. pfSense installed as KVM with "VirtIO" emulator which is default for KVM. WAN bride with eth0 and go out. Local bridge for LAN side of pfSense.
Installed Windows & Ubuntu with VirtIO Driver. When Windows VM was set to go through pfSense I could ping but no internet no TCP/UDP connections at all. Same scenario. After bashing my head on the wall for whole sleepless night trying to resolve this. Finally I decided to setup XenServer instead of Proxmox which runs Xen hypervisor.
Implemented the same setup in XenServer with all default settings. Windows was installed with default Realtek NIC driver. Alverything worked perfectly fine.
When I installed xe-tools which turned Realtek NIC to "Xen Paravirtualized driver" it stopped work with same results as above. When I uninstalled xe-tools it worked again.
Conclusion
From this what I can see is Paravirtualzied drives are causing this issue in both setup. VirtIO in KVM & PV in Xen. With other NIC emulators like e1000 or Realtek it works fine.I haven't found a solution to get this working with para drivers which will improve the performance.
I wanted to post here to first say a deep and heartfelt THANK YOU for posting this as I spent days trying to work out why all my Linux boxes didn't have internet but my Mac's and Windows machines did. After trying loads of tests and variations I found your thread which was the final clue :)
For the record (and to help people searching with similar issues) I am running pfsense on a Virtualised installation on a QNAP server, it worked great apart from Linux VM's not having internet and the QNAP itself (if sharing a virtualised switch) also lacking internet. If you route the QNAP via a none virtualised ethernet socket then you aren't affected.
Ping worked just fine. When I swapped to the Realtek ethernet emulator everything started working again.
-
@Bullz3y3 Your advice on switching to e1000 is as good on the latest version of Proxmox and the latest version of pfsense as it was in 2015, this was driving me insane, thank you!
-
@bullz3y3 I can definitely confirm your suggestion to change the network adapter to e1000 for proxmox. Thanks!
-
I am having no problems putting traffic through modern pfSense installs on a modern proxmox VE installation using the virtio drivers.
I, too, suffered from the issue with XenServer but there were fixes (using HV drivers or disabling the checksums in the VM).
-
@derelict could you please run iperf from pfsense to the host and copy&paste the output here? And maybe from a linux vm to the host?
Many thx
-
Full speed, but I only have 350/30 here.
The problems on XenServer resulted in almost no throughput when using TCP, like single-digit kilobits-per-second. If you are seeing just lower-than-expected throughput then it's a completely separate issue and you should start a different thread.
Don't performance-test by running iperf on the firewall. Test through the firewall.
-
@derelict thx for your replay, i already stared a thread "https://forum.netgate.com/topic/138988/pfsense-on-kvm-slow-network-speed" but nobody replayed, that's why i asked here. ^^
i am more interested in throughput between two local subnets through the firewall than between local net and internet. -
1.6 Gbit/sec between two VMs in each direction. Single-stream TCP.
iperf3 hosts are on 1302 and 1201.
-
Sorry for adding to an old post but just wanted to add another +1 to this in case someone else is struggling.
Anything ICMP related seemed to work fine (ping, trace route etc) but no web, ssh, telnet, etc.
under System / Advanced / Networking; disabled Hardware Checksum Offloading, saved the setting and everything seems to have sprung into life again.
pfsense: 2.4.4-RELEASE-p3
vm host: ubuntu 16.04.6
using KVM and virtio NICs -
@Bullz3y3 Hello..
here same situation... really frustrating..I have tried any kind of network card in proxmox.. can't reach internet from the virtual lan.
If start all lan virtual machines and I reboot the pfsense.. all works.. if i restart a lan VM with pfesense running, no internet connection...
ooh s***!!!
-
My entire lab is in proxmox. Works absolutely fine.
It is key to disable the checksum offloads or you won't be able to pass traffic reliable becasue the checksums will fail due to the way the networking stack in proxmox/kvm works. This is not an uncommon requirement in other hypervisors either.
-
But it is the first setting that i have made on pfsense after installation..
I have tried to change the network type..and nothing.. and the fact is that this error replicate in any other proxmox host installation....
