5. NAT problem on 2.1 and KVM virtualization

NAT problem on 2.1 and KVM virtualization


  • Hi.

    I've installed 2.1 as a KVM guest because of the support to VirtIO drivers, but I'm experiencing problems with NAT. The same setup with 2.0.2 doesn't suffer the problem.

    My setup is very simple, WAN with single static IP. Setting up pfSense as default gateway on the KVM host machine works for outgoing traffic, but not for incoming: a port forward from the WAN address to the physical machine results in a timeout.
    I tried modifying the forward to another virtual host and doesn't work as well. Redirecting the same port to another physical host on the lan works fine.

    I tried a packet capture of a ssh session from an external ip to the kvm host:

    15:33:07.507212 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
    15:33:07.507473 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:08.518473 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:10.501582 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
    15:33:10.501778 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:10.518444 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:14.518462 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:16.512903 IP 62.167.X.Y.57474 > PFSENSE_WAN.32122: tcp 0
    15:33:16.513066 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0
    15:33:22.518485 IP PFSENSE_WAN.32122 > 62.167.X.Y.57474: tcp 0

    The same setup (kvm and so on) with pfSense 2.0.2 works fine.
    Any idea?
    thanks

    ADDENDUM
    the problem seems extended to outgoing TCP connections, as from the kvm host I can ping outside but cannot i.e. lynx/w3m

    0
  • A

    its possible you need to enable/allow some kind of promiscuous mode on the network interfaces of the KVM host and/or the settings for the VM itself

    also i assume you have 2 physical interfaces 1 for lan and 1 for wan? whats the physical setup of your network? and the network settings for your VM host and guests

    0

  • Yes I have two physical interfaces on the host, both with a bridge setup, so the pfSense VM is attached to these two bridges.

    Well, the KVM host looks configured good, in  fact 2.0.2 works. Looks like something related to the newest version.
    I even tried configuring the interfaces using intel/rtl drivers (in kvm setup), so not using virtio, but I still have the problem.

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy