NAT problem on 2.1 and KVM virtualization

2.1 Snapshot Feedback and Problems - RETIRED
Log in to reply
  • maxxer

    Hi.

    I've installed 2.1 as a KVM guest because of the support to VirtIO drivers, but I'm experiencing problems with NAT. The same setup with 2.0.2 doesn't suffer the problem.

    My setup is very simple, WAN with single static IP. Setting up pfSense as default gateway on the KVM host machine works for outgoing traffic, but not for incoming: a port forward from the WAN address to the physical machine results in a timeout.
    I tried modifying the forward to another virtual host and doesn't work as well. Redirecting the same port to another physical host on the lan works fine.

    I tried a packet capture of a ssh session from an external ip to the kvm host:

    15:33:07.507212 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
    15:33:07.507473 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:08.518473 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:10.501582 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
    15:33:10.501778 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:10.518444 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:14.518462 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:16.512903 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
    15:33:16.513066 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:22.518485 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0

    The same setup (kvm and so on) with pfSense 2.0.2 works fine.
    Any idea?
    thanks

    ADDENDUM
    the problem seems extended to outgoing TCP connections, as from the kvm host I can ping outside but cannot i.e. lynx/w3m

    0
  • A

    its possible you need to enable/allow some kind of promiscuous mode on the network interfaces of the KVM host and/or the settings for the VM itself

    also i assume you have 2 physical interfaces 1 for lan and 1 for wan? whats the physical setup of your network? and the network settings for your VM host and guests

    0
  • maxxer

    Yes I have two physical interfaces on the host, both with a bridge setup, so the pfSense VM is attached to these two bridges.

    Well, the KVM host looks configured good, in  fact 2.0.2 works. Looks like something related to the newest version.
    I even tried configuring the interfaces using intel/rtl drivers (in kvm setup), so not using virtio, but I still have the problem.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy