4. [solved] Issues with pfsense as KVM VM

[solved] Issues with pfsense as KVM VM

  • L

    I have installed pfsense "2.4.4-RELEASE-p2 (amd64)" as VM on an KVM host running Debian 10.

    Pfsense is configured, and consist of the following:
    LAN: Bridged adapter
    WAN: (passthrough PCI NIC).
    DMZ: Bridged adapter

    On neither the KVM hosts, or KVM VMs running on the host, I can really access the internet, simple ping commands works though, which I find strange. So "something" is actually working.

    On other "LAN" devices, which are not directly connected to pfsense or the KVM as such, the internet is working.

    E.g. from the KVM host itself..
    When doing these entries, I cannot see them in the firewall log in pfsense at all, which I find kinda strange.

    :~# ping google.com -c 2
PING google.com (172.217.17.78) 56(84) bytes of data.
64 bytes from ams16s30-in-f14.1e100.net (172.217.17.78): icmp_seq=1 ttl=49 time=13.7 ms
64 bytes from ams16s30-in-f14.1e100.net (172.217.17.78): icmp_seq=2 ttl=49 time=13.7 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 13.664/13.678/13.692/0.014 ms
:~# wget google.com
--2019-08-14 18:07:25--  http://google.com/
Resolving google.com (google.com)... 172.217.17.78, 2a00:1450:400e:805::200e
Connecting to google.com (google.com)|172.217.17.78|:80...

    Everything should be allowed..
    Rules looks like so:
    DMZ
    LAN

    Any ideas, am I missing something obviously ?

    0
  • V

    Have you disabled hardware checksum offloading?

    It also may be an asymmetric routing issue. Maybe some network miss-configuration. Use packet capture from the Diagnostic menu to investigate the issue.

    To enable logging of the pf filter check the Log option in the filter rules:
    3dc0bf32-b16f-4141-99d2-48ec92fd72b4-grafik.png

    1
    L
     1 Reply
  • L

    @viragomann

    Wow! I actually think, that its fixed by checking, "Disable hardware checksum offload".
    I'll report back later, when I have the time to test everything properly.

    Thank you very much so far!

    0
  • V

    That's described in the installation guide for pfSense on Proxmox which virtualizes based on KVM. So "hardware checksum offloading" has to be disabled anyway in your setup.

    0
    L
     1 Reply
  • L

    @viragomann
    Thank you so much again. Everything is working, after disabling the hardware checksum offload. :)

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy