No internet access - 2.2-BETA (amd64)



  • We have a 2.2 install on Xen built on Fri Oct 31 04:59:06 CDT 2014

    We can access the web gui from any machine on the Lan side but we can't access the internet from Lan. Not even a ping reaches the outside.

    The pfSense can reach the internet and is able to install packages and updates.

    Nat rules from outside into Wan can reach the pfSense Lan ip but no other machine connected to Lan.

    All Lan machines have their default gateway properly configured as pfSense Lan ip.

    Firewall logs only show Lan traffic requesting access to the Gui on port 80 but nothing else.

    I've reset to factory defaults but no difference.

    pfSense can ping back to all ips on Lan.

    Anyone any ideas?



  • I don't use Xen so I am not sure about this. Your bug seems so strange and it might be a problem in the ethernet layer. How about your adapter config? (like TSO & LRO) Is there jumbo packet enabled?



  • Still having this issue after updating to the very latest beta version.

    Jumbo frames aren't enabled but I don't think that's an issue either way because accessing the web Gui works without issue.



  • Hi All

    Can anyone out there throw some light on this issue?

    We have updated to the very latest beta build and still can't get an internet connection on any machines behind this pfSense VM running on Xen.

    Access to the firewall GUI from machines on the LAN is working perfectly and the firewall has a working internet connection and can perform upgrades and install packages etc. but no internet traffic gets passed from any LAN devices.

    Looking at the firewall logs I don't see anything getting logged for ips on the LAN but plenty getting logged from external IPs hitting the firewall.

    Could something be broken in the routing engine in the firewall?


  • Netgate Administrator

    Common causes of this, if it isn't a 2.2beta problem, are a bad subnet mask somewhere, a bad gateway, odd static routes, overlapping subnets.
    Post up something more for us to go on.  :)
    There seems to be some Xen issue with interface types also if this is an upgrade to 2.2. The Xen specific virtual NIC driver is in the kernel for FreeBSD 10 but wasn't in 8.3. What interface type are you running?

    Steve
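
The four common causes listed in the reply above can be checked mechanically. This is an added example, not part of the thread and not pfSense code: `audit` and the config layout are hypothetical, the LAN values are the ones posted later in the thread, and the WAN values are constructed from the 203.0.113.0/24 documentation range because the real ones are masked. IPv4 only.

```python
import ipaddress
from itertools import combinations

def audit(interfaces, static_routes=()):
    """Flag bad masks, bad gateways, overlapping subnets and odd static routes."""
    findings, nets = [], {}
    for name, cfg in interfaces.items():
        try:
            iface = ipaddress.ip_interface(f"{cfg['ip']}/{cfg['mask']}")
        except ValueError:
            # Non-contiguous or malformed mask, or malformed address
            findings.append(f"{name}: invalid address or subnet mask")
            continue
        nets[name] = iface.network
        gw = cfg.get("gateway")
        # A gateway must be on-link, i.e. inside the interface's own subnet
        if gw and ipaddress.ip_address(gw) not in iface.network:
            findings.append(f"{name}: gateway {gw} is outside {iface.network}")
    # Two interfaces claiming the same address space break routing decisions
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            findings.append(f"{a}/{b}: subnets {na} and {nb} overlap")
    for dest, hop in static_routes:
        dnet = ipaddress.ip_network(dest)
        if not any(ipaddress.ip_address(hop) in n for n in nets.values()):
            findings.append(f"route {dest}: next hop {hop} is not on a connected subnet")
        if any(dnet.overlaps(n) for n in nets.values()):
            findings.append(f"route {dest}: overlaps a directly connected subnet")
    return findings

# Constructed WAN values; LAN values as posted in the thread.
THREAD_CONFIG = {
    "wan": {"ip": "203.0.113.10", "mask": "255.255.255.0", "gateway": "203.0.113.1"},
    "lan": {"ip": "192.168.12.254", "mask": "255.255.255.0"},
}

# Constructed counter-example showing each kind of finding.
BROKEN_CONFIG = {
    "wan": {"ip": "203.0.113.10", "mask": "255.255.255.0", "gateway": "203.0.114.1"},
    "lan": {"ip": "192.168.12.254", "mask": "255.255.0.0"},
    "opt1": {"ip": "192.168.20.1", "mask": "255.255.255.0"},
}
BROKEN_ROUTES = [("10.0.0.0/8", "172.16.0.1")]

if __name__ == "__main__":
    print(audit(THREAD_CONFIG))
    for finding in audit(BROKEN_CONFIG, BROKEN_ROUTES):
        print(finding)
```

An empty result for the thread's values only rules out these four causes; it says nothing about the virtual NIC driver.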



  • Definitely nothing like a bad gateway or subnet issue.

    This is the config.

    pfSense 2.2 Beta running on Xen4 on CentOS 6.6 x64
    Firewall VM running as "hvm" mode
    Virtual nics appear as xn0 and xn1
    Wan interface - 8x.9x.2x.10
    Wan Subnet - 255.255.255.0 (I have a public /24 for this project)
    Wan GW - 8x.9x.2x.1 (edge router and works fine for a bunch of VMware VMs on the same /24)
    Lan interface - 192.168.12.254
    Lan Subnet - 255.255.255.0

    Default Lan to any rule in place on pfSense
    Completely default config (have rebuilt 3 times already)
    No custom or static routes
    Tried with AON enabled but no difference

    pfSense firewall can connect to internet fine and download updates and packages
    pfSense can ping any external ip addresses on Wan interface without issue.
    pfSense can ping another Xen or VMware Windows VM on Lan 192.168.12.0/24

    Windows VM can ping pfSense Lan ip 192.168.12.254
    Windows VM can access pfSense GUI and manage firewall interface fine
    Windows VM can NOT access internet or ping any ip on the internet (Lan GW - 192.168.12.254)
    Windows VM can not get an ip address from pfSense by DHCP
    pfSense firewall log does not log any traffic for traffic originating on Lan subnet
    pfSense firewall does log any traffic originating on the Wan interface

    I built a pfSense 2.2 Beta VM on VMware on the same Lan subnet and the Windows VM can access the internet fine.
    I built a Windows VM on VMware on the same Lan subnet pointing to the Xen firewall and the internet does not work. Same issues exhibited as the Xen Windows VM.

    Strange indeed :-)



  • @craggy:

    I built a pfSense 2.2 Beta VM on VMware on the same Lan subnet and the Windows VM can access the internet fine.
    I built a Windows VM on VMware on the same Lan subnet pointing to the Xen firewall and the internet does not work. Same issues exhibited as the Xen Windows VM.

    Doesn't this point to a problem with the Xen pfSense VM configuration?  If I understand your comment, a pfSense (default install) as a Xen VM does not work, but a pfSense (presumably the same default install) as a VMware VM does work.  What am I missing?


  • Netgate Administrator

    You might try switching to e1000 NICs since there appears to be some issue with the xn NICs.

    Steve



  • How do I switch to e1000 nics?

    I googled it but can't find anything helpful.


  • Netgate Administrator

    I can't tell you precisely because I don't use Xen but when you set up a VM it gives you a choice as to which NIC type to use, emulated or paravirtual. Try using emulated em NICs instead.

    https://forum.pfsense.org/index.php?topic=84255.0

    Steve