[solved] Issues with pfsense as KVM VM

  • I have installed pfsense "2.4.4-RELEASE-p2 (amd64)" as VM on an KVM host running Debian 10.

    Pfsense is configured, and consist of the following:
    LAN: Bridged adapter
    WAN: (passthrough PCI NIC).
    DMZ: Bridged adapter

    On neither the KVM hosts, or KVM VMs running on the host, I can really access the internet, simple ping commands works though, which I find strange. So "something" is actually working.

    On other "LAN" devices, which are not directly connected to pfsense or the KVM as such, the internet is working.

    E.g. from the KVM host itself..
    When doing these entries, I cannot see them in the firewall log in pfsense at all, which I find kinda strange.

    :~# ping google.com -c 2
    PING google.com ( 56(84) bytes of data.
    64 bytes from ams16s30-in-f14.1e100.net ( icmp_seq=1 ttl=49 time=13.7 ms
    64 bytes from ams16s30-in-f14.1e100.net ( icmp_seq=2 ttl=49 time=13.7 ms
    --- google.com ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 3ms
    rtt min/avg/max/mdev = 13.664/13.678/13.692/0.014 ms
    :~# wget google.com
    --2019-08-14 18:07:25--  http://google.com/
    Resolving google.com (google.com)..., 2a00:1450:400e:805::200e
    Connecting to google.com (google.com)||:80...

    Everything should be allowed..
    Rules looks like so:

    Any ideas, am I missing something obviously ?

  • Have you disabled hardware checksum offloading?

    It also may be an asymmetric routing issue. Maybe some network miss-configuration. Use packet capture from the Diagnostic menu to investigate the issue.

    To enable logging of the pf filter check the Log option in the filter rules:

  • @viragomann

    Wow! I actually think, that its fixed by checking, "Disable hardware checksum offload".
    I'll report back later, when I have the time to test everything properly.

    Thank you very much so far!

  • That's described in the installation guide for pfSense on Proxmox which virtualizes based on KVM. So "hardware checksum offloading" has to be disabled anyway in your setup.

  • @viragomann
    Thank you so much again. Everything is working, after disabling the hardware checksum offload. :)

Log in to reply