Netgate Discussion Forum

    [solved] Issues with pfsense as KVM VM

    Problems Installing or Upgrading pfSense Software
    • L
      lbm_
      last edited by lbm_

      I have installed pfSense "2.4.4-RELEASE-p2 (amd64)" as a VM on a KVM host running Debian 10.

      pfSense is configured and consists of the following:
      LAN: Bridged adapter
      WAN: (passthrough PCI NIC).
      DMZ: Bridged adapter

      On neither the KVM host nor the KVM VMs running on the host can I really access the internet. Simple ping commands work though, which I find strange. So "something" is actually working.

      On other "LAN" devices, which are not directly connected to pfsense or the KVM as such, the internet is working.

      E.g. from the KVM host itself.
      When doing these entries, I cannot see them in the firewall log in pfSense at all, which I find kinda strange.

      :~# ping google.com -c 2
      PING google.com (172.217.17.78) 56(84) bytes of data.
      64 bytes from ams16s30-in-f14.1e100.net (172.217.17.78): icmp_seq=1 ttl=49 time=13.7 ms
      64 bytes from ams16s30-in-f14.1e100.net (172.217.17.78): icmp_seq=2 ttl=49 time=13.7 ms
      
      --- google.com ping statistics ---
      2 packets transmitted, 2 received, 0% packet loss, time 3ms
      rtt min/avg/max/mdev = 13.664/13.678/13.692/0.014 ms
      :~# wget google.com
      --2019-08-14 18:07:25--  http://google.com/
      Resolving google.com (google.com)... 172.217.17.78, 2a00:1450:400e:805::200e
      Connecting to google.com (google.com)|172.217.17.78|:80...
      

      Everything should be allowed.
      Rules look like so:
      DMZ
      LAN

      Any ideas? Am I missing something obvious?

      • V
        viragomann
        last edited by

        Have you disabled hardware checksum offloading?

        It also may be an asymmetric routing issue. Maybe some network misconfiguration. Use packet capture from the Diagnostic menu to investigate the issue.

        To enable logging of the pf filter, check the Log option in the filter rules.

        • L
          lbm_ @viragomann
          last edited by

          @viragomann

          Wow! I actually think that it's fixed by checking "Disable hardware checksum offload".
          I'll report back later, when I have the time to test everything properly.

          Thank you very much so far!

          • V
            viragomann
            last edited by viragomann

            That's described in the installation guide for pfSense on Proxmox which virtualizes based on KVM. So "hardware checksum offloading" has to be disabled anyway in your setup.

            • L
              lbm_ @viragomann
              last edited by

              @viragomann
              Thank you so much again. Everything is working, after disabling the hardware checksum offload. :)

              1 Reply Last reply Reply Quote 0
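
One way to confirm this diagnosis from a packet capture, as an added example that is not part of the thread: recompute the TCP checksum of captured IPv4 packets and flag the ones that do not verify. It assumes the fault shows up in the capture as TCP segments whose checksum was never completed; `build_syn` and the source address 192.168.1.10 are constructed sample input.

```python
import socket
import struct


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum_ok(ip_packet: bytes) -> bool:
    """True if the TCP checksum of a raw IPv4 packet verifies."""
    if ip_packet[0] >> 4 != 4 or ip_packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ip_packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip_packet[2:4])[0]
    segment = ip_packet[ihl:total_len]
    # Pseudo-header: source address, destination address, zero, protocol, TCP length.
    pseudo = ip_packet[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(segment))
    # With the checksum field included, a valid segment sums to 0xFFFF.
    return ones_complement_sum(pseudo + segment) == 0xFFFF


def build_syn(src: str, dst: str, sport: int, dport: int, finish_checksum: bool) -> bytes:
    """Constructed sample: a minimal IPv4 TCP SYN (IP header checksum left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 64240, 0, 0)
    saddr, daddr = socket.inet_aton(src), socket.inet_aton(dst)
    pseudo = saddr + daddr + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp))
    if finish_checksum:
        csum = ~ones_complement_sum(pseudo + tcp) & 0xFFFF
    else:
        # Assumption: stand-in for a segment whose checksum was left for the NIC.
        csum = ones_complement_sum(pseudo)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0, saddr, daddr)
    return ip + tcp


if __name__ == "__main__":
    for label, finished in (("checksum completed", True), ("checksum not completed", False)):
        pkt = build_syn("192.168.1.10", "172.217.17.78", 40000, 80, finished)
        print(f"{label}: {'ok' if tcp_checksum_ok(pkt) else 'BAD TCP checksum'}")
```

To use it on real traffic, feed `tcp_checksum_ok` the IPv4 payload of each frame from a capture taken on the pfSense interface.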