pfsense vm under proxmox not detecting passed through dual port intel pro 1000 nic.

  • New member here! I've been using pfsense for a good while now and am setting up a vm with version 2.4.5 under proxmox.

    To get all of the basics out of the way: IOMMU is enabled and working, the driver is blacklisted under proxmox, all functions of pcie device 06:00 are passed through to the vm. The nic is visible/detected/working under a test Win10 vm, ubuntu live, etc. Pfsense is the only thing that can't "see" it. When the vm boots, pfsense immediately bails out and shuts down complaining that there are no network devices.

    I gave up on this and went to bed last night and I've been stewing on it ever since. I'm going to try a freebsd install in the same vm and see what that yields but figured I would consult the experts here. I'm thinking the freebsd driver may be all sorts of confuzzled. I will swap pcie slots this evening and try passing through the onboard realtek just to see if it is detected.

    My only real difficulty here is that I have never tinkered with anything freebsd based other than pfsense.

    Any suggestions on where to start?

    Thanks in advance.

  • I was just going through this with a NIC I was trying to pass through from proxmox to pfsense. Uncheck the tick under advanced area "PCIe" when adding device in proxmox.

    hope that helps.

  • @voodooutt

    Actually, I worked it out for myself and literally just came back here to post the results.

    #1: Apparently some versions of FreeBSD in a VM do not like OVMF & Q35 machine types. I used seabios and i440fx instead. I set OS type to "other" instead of linux since there's not a specific option for BSD on proxmox. I ran across some stuff in the freebsd forums talking about 11.1 and other releases of 11.x having various issues under OVMF/Q35 VMs, so I figured I'd stack the deck in my favor.

    #2: I added "blacklist intel" to blacklist.conf to completely disable the NIC in proxmox. BEWARE! This would cause nine kinds of trouble in a server with multiple intel devices! My server has 4x onboard nics, a 10gbe dual port mezzanine card, and nearly everything else is an intel product as well. That addition to blacklist would pretty much render it a boat anchor. The hardware hosting pfsense is an AMD 3800x on a gigabyte board with three different brands of NICs in it: Realtek gigabit onboard (almost worthless, IMO), the dual port pro 1000 intel card passed through to pfsense, and a solarflare dual port 10gbe card. This step is not strictly necessary because it does work without it, but I wanted the LEDs on the NIC and switch off unless pfsense was up and active for troubleshooting purposes.

    #3: Pass the NIC though to pfsense as normal. Since the machine type is i440fx, the PCIe checkbox is greyed out.

    After I completed that, it came right up and I was able to get bare metal equivalent throughput and cpu load while hammering the snot out of it. I was getting absolutely terrible throughput with every other method I tried but this is slightly faster than my current pfsense installation running on bare metal.

    speedtest.jpg cpuload.jpg

Log in to reply