Is this a virutlization issue or a NAT/routing issue?

MakOwner

Blundering about in the dark as I can't get plenty of views on this question but no one is responding, so I'm trying to post this slightly differently:

Original post:  https://forum.pfsense.org/index.php?topic=127974.0

pfSense virtualized connected to three phyical interfaces, WAN/LAN/OPT1.
LAN is 192.168.20.n
OPT1 is 192.168.30.n

Both interfaces are pretty much configured as they were created – I copied the LAN to any firewall rule over to the Wireless and things took off and worked fine for quite a while -- I know I have had at least one pfSense upgrade and a couple of reboots since setting this up.

So, to reiterate --

192.168.20.n/24
                                          LAN <->
                                                          vPFSense <-> Internet
EA6500 as an AP <->  OPT1 <->
                                    192.168.30.n/24

The LAN/WAN and OPT1 interfaces are all ESXi interfaces that are switch connections to three physical ports.  the WAN port is wired to the internet provider and the LAN and OPT1 are both wired to a local switch.
The switch has the remainder of the network for copper connections and one copper connection to the Linksys EA6500 in access point mode. 
(Yea, I know it's not really an access point, but I have maybe 3 or 4 wireless devices that see occasional use, so it's not the most critical portion of this setup.)

This worked and for quite a while.

Something happened this weekend, and it stopped. You can get to other devices on the internal network but any access beyond the pfsense is gone.
I was able to get it back briefly, but it eventually fails again.
I'd point at the EA6500, except I can take it out from behind the pfSense, reconfigure it as a router and it works just fine.
And even when it isn't allowing internet access, you can still get to other devices on the network.

This one really has me stumped and I'd really like to figure this out.
I don't see anything suspect looking in the routing table, but I'm not the sharpest network person either.

any help would be tremendously appreciated.

heper

Can you access the webgui from the clients?

Are the gateway(s) online ?

What errors are you getting in logs?

MakOwner

I can get to the pfsense gui from the clients. 
I can get to a webserver on the 192.168.20.n subnet from the devices on the 192.168.20.n subnet.
All interfaces on the pfSense are up, with no errors.
The only errors I see in the logs are:

System, General (right after a reboot):

Mar 27 15:35:41 	dhcpleases: kqueue error: unkown
Mar 27 15:35:40 	dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process.
Mar 27 15:35:40 	dhcpleases: /var/etc/hosts changed size from original!
Mar 27 15:35:38 	dhcpleases: /var/etc/hosts changed size from original!

While maybe not an error, I do see these in the DHCP logs:

Mar 28 05:23:28 	dhcpd: uid lease 192.168.20.243 for client b8:27:eb:1c:bc:3e is duplicate on 192.168.20.0/24

Last gateway log entry:

Mar 27 12:44:38 	dpinger: send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 71.123.236.1 bind_addr 71.123.236.4 identifier "WANGW "

The firewall log does show this periodically, which I think may be odd:

x	Mar 28 05:31:10 	WIRELESS 	0.0.0.0 	224.0.0.1 	IGMP