Netgate Discussion Forum

    NAT problem on 2.1 and KVM virtualization

    2.1 Snapshot Feedback and Problems - RETIRED
    • maxxer

      Hi.

      I've installed 2.1 as a KVM guest because of the support for VirtIO drivers, but I'm experiencing problems with NAT. The same setup with 2.0.2 doesn't suffer from the problem.

      My setup is very simple, WAN with single static IP. Setting up pfSense as default gateway on the KVM host machine works for outgoing traffic, but not for incoming: a port forward from the WAN address to the physical machine results in a timeout.
      I tried modifying the forward to point to another virtual host, and it doesn't work either. Redirecting the same port to another physical host on the LAN works fine.

      I tried a packet capture of an SSH session from an external IP to the KVM host:

      15:33:07.507212 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
      15:33:07.507473 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
      15:33:08.518473 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
      15:33:10.501582 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
      15:33:10.501778 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
      15:33:10.518444 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
      15:33:14.518462 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
      15:33:16.512903 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
      15:33:16.513066 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
      15:33:22.518485 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0

      The same setup (KVM and so on) with pfSense 2.0.2 works fine.
      Any idea?
      Thanks

      ADDENDUM
      The problem seems to extend to outgoing TCP connections: from the KVM host I can ping outside but cannot use, e.g., lynx/w3m.

      • anthonysomerset

        It's possible you need to enable/allow some kind of promiscuous mode on the network interfaces of the KVM host and/or in the settings for the VM itself.

        Also, I assume you have 2 physical interfaces, 1 for LAN and 1 for WAN? What's the physical setup of your network, and what are the network settings for your VM host and guests?

        • maxxer

          Yes I have two physical interfaces on the host, both with a bridge setup, so the pfSense VM is attached to these two bridges.

          Well, the KVM host looks correctly configured; in fact, 2.0.2 works. It looks like something related to the newest version.
          I even tried configuring the interfaces using Intel/rtl drivers (in the KVM setup), so not using VirtIO, but I still have the problem.
