Mac of gateway on lan interface with vmware ESX 3.0.1



  • Hi

    I tried to set up a transparent firewall with pfsense, but without any luck.

    My situation:

    I have a public ip range.
    All of my hosts have an public ip.
    I want to place those hosts behind a pfsense router.
    I create a new virtual switch (sw02) without physical interface connected to it.
    I connect one virtual network from a testhost with public ip to sw02. Then I connected one ethernet card (le1) to the virtual switch sw02( as LAN).
    Then I connected the second virtual networkcard (le0) to the switch that is connected to the nic that has internet access.

    PFsense configuration:
    disabled nat
    allow traffic from lan to any
    allow traffic from any to lan

    I can ping from the testhost to LAN and WAN interface of pfsense, but not any other hosts.
    I can acces the web configuration page of pfsense from the internet.

    I found out that the mac address of our gateway is detected on the wrong network interface.
    The pfsense arp table says that the mac address of our gateway is on the LAN interface instead of the WAN interface



  • I found out the following:

    Packets are ariving at our switch that is connected to our ISP.
    The arp requests are getting an FSC ( Frame Check Sequence  error) when passing to the bridge.
    When I connect the machine directly to the switch everything is ok



  • the frame check error had nothing to do with the fact that virtual machines behind the firewall couldn't connect to the internet.
    The vswitch connected to the public network needed to reconfigured to accept promiscious mode


Log in to reply