4. CentOS KVM - Pfsense communication problem on LAN virtual network

CentOS KVM - Pfsense communication problem on LAN virtual network

  • G

    Hello,

    I am using pfsense_2.1 on CentOS KVM with 1 physical NIC (bridge mode) and two virtual NIC (I have tried e1000, virtio, …).
    Pfsense is configured:
    1. LAN is on a virtual network - 1 virtual centOS00 is connected on it (GATEWAY - PfsenseLAN ip)
    2. WAN is on a virtual network - 1 virtual centOS01 is connnected on it (GATEWAY - PfsenseWAN ip)
    3. OPT1 is on bridged physical NIC - connection with outside world

    After initial configuration everything works fine. I can ping from LAN (CentOS00) to WAN network(CentOS01). Defaul LAN rules passes the ping.
    The problem is when i restart virtual server in LAN (CentOS00). After that I can not ping WAN interface, or OPT interface, or virtual mashine in WAN/OPT network.
    I thing that the problem is routin in LAN->WAN/OPT, because if I configure the LAN network again (web configurator or console - set ip address) then I can again ping from LAN->WAN/OPT.
    I have used pfsense on VMware and did not have this kind a problem. Maybe I must use other drivers for pfsense !?
    Please help,
    Kind regards, Goran

    0
  • Netgate Administrator

    Your configuration seems a bit odd though not perhaps entirely unreasonable. What are you doing with this setup?

    I would normally expect the WAN interface to be the connection with the outside world.

    Steve

    0
  • G

    Yes, but I need zoning with three network zones. When I get this to work, next step is to put
    another PfSense that will be infront of this one and WAN interface of the second PfSense will be connection to the internet.
    When I do that I will have three network zones.
    Regards,
    Goran

    0
  • Netgate Administrator

    Ok. You can almost certainly do whatever it is you're trying to accomplish with one pfSense instance and multiple NICs.

    Why do you not have the WAN interface bridged to the physical NIC? Unless you have changed the default config all outgoing traffic is routed via the WAN. This isn't going to work if WAN has no connectivity.

    I would use e1000 virtual NICs unless you need something provided by the virtio driver. There are a number of threads on getting that working.

    I assume you have different subnets on each interface?

    Please give more details on your IP setup. A diagram would probably help a lot here.

    Steve

    0
  • G

    Hi Steve,
    Thank you for the reply.
    the issue is solved. The problem was the same as in this topic:
    http://forum.pfsense.org/index.php?topic=51817.0

    In short, i did not know that when you create VLAN on KVM, then the VLAN use first available address from that network. In my
    case that was 172.16.1.1. I use that address on the FW LAN interface. Because of that I have had ip conflict that made mess with arp tables.

    Regards, Goran

    0
  • Netgate Administrator

    Ah, OK. Glad you resolved it.  :)

    Steve

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy