Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related

    Scheduled Pinned Locked Moved Virtualization
    15 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      spyshagg @viragomann
      last edited by spyshagg

      @viragomann

      Ping fails but traceroute succeeds

      alt text

      Edit: nevermind, both fail. I misread the result.

      1 Reply Last reply Reply Quote 0
      • V
        viragomann @spyshagg
        last edited by

        @spyshagg
        When there are no packets on the WAN interface, there is not really much you can do from the view of pfSense, except the VM configuration.

        Did you obey the set up instruction for virtualized platforms from the pfSense docs?

        S 1 Reply Last reply Reply Quote 0
        • S
          spyshagg @viragomann
          last edited by

          @viragomann said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

          @spyshagg
          When there are no packets on the WAN interface, there is not really much you can do from the view of pfSense, except the VM configuration.

          Did you obey the set up instruction for virtualized platforms from the pfSense docs?

          Yes.

          But its odd that ping works on the LAN interface but not on WAN, when both interfaces are setup the same on KVM/Virtualbox.

          V 1 Reply Last reply Reply Quote 0
          • P
            Patch @spyshagg
            last edited by

            @spyshagg said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

            The host and the guest also share the same LAN interface (bridged)

            Hypervisor access from the lan sounds normal to me. It also sounds like this is working.

            @spyshagg said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

            The host and the guest share the same WAN interface (bridged)

            Why are you doing that. Most setups want the hypervisor only directly accessible from the lan interface and often only the lan management interface. If you need hypervisor access from the internet then via vpn on your router makes more sense to me.

            I suspect your hypervisor is blocking wan access by default.

            S 1 Reply Last reply Reply Quote 0
            • V
              viragomann @spyshagg
              last edited by

              @spyshagg said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

              But its odd that ping works on the LAN interface but not on WAN

              Indeed. Are both networks configured properly on all involved devices?

              Also ensure that the packets on the host are going out on the correct interface by sniffing the traffic.

              1 Reply Last reply Reply Quote 0
              • S
                spyshagg @Patch
                last edited by

                @patch said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

                Why are you doing that. Most setups want the hypervisor only directly accessible from the lan interface and often only the lan management interface. If you need hypervisor access from the internet then via vpn on your router makes more sense to me.

                I suspect your hypervisor is blocking wan access by default.

                Its a last desperate measure. Sometimes one of the virtual nics stops passing traffic into Pfsense. Sometimes Wan, sometimes Lan.
                I am building a watchdog that runs on the host to ping both pfsense interfaces and reset the VM if they fail.

                V P 2 Replies Last reply Reply Quote 0
                • V
                  viragomann @spyshagg
                  last edited by

                  @spyshagg said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

                  Sometimes one of the virtual nics stops passing traffic into Pfsense. Sometimes Wan, sometimes Lan.
                  I am building a watchdog that runs on the host to ping both pfsense interfaces and reset the VM if they fail.

                  It would be better to eliminate the real reason for this than doing a workaround by restarting the VM.

                  S 1 Reply Last reply Reply Quote 0
                  • S
                    spyshagg @viragomann
                    last edited by

                    @viragomann said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

                    @spyshagg said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

                    Sometimes one of the virtual nics stops passing traffic into Pfsense. Sometimes Wan, sometimes Lan.
                    I am building a watchdog that runs on the host to ping both pfsense interfaces and reset the VM if they fail.

                    It would be better to eliminate the real reason for this than doing a workaround by restarting the VM.

                    sadly its not physically possible.

                    1 Reply Last reply Reply Quote 0
                    • P
                      Patch @spyshagg
                      last edited by

                      @spyshagg
                      Yuk

                      As a desperate measure I would prefer:

                      • using pass through NICs for pfsense.
                      • Monitoring the interfaces within pfsense and
                      • resetting them via an pfsense watchdog / interface monitor if required.

                      But whatever works

                      S 1 Reply Last reply Reply Quote 0
                      • S
                        spyshagg @Patch
                        last edited by

                        @patch said in Virtualized PFsense - host (linux) cannot ping Pfsense Wan Interface (and vice-versa) - Not rule related:

                        @spyshagg
                        Yuk

                        As a desperate measure I would prefer:

                        • using pass through NICs for pfsense.
                        • Monitoring the interfaces within pfsense and
                        • resetting them via an pfsense watchdog / interface monitor if required.

                        But whatever works

                        Hardware and software configuration are not possible at this point. The problem manifested itself 3 full weeks after deployment and not in the 2 weeks of internal testing prior to deployment.

                        A simple reset does not fix the issue. The vm must be shutdown and restarted.

                        It appears the problem is indeed with the hypervisor blocking packets.

                        thank guys

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.