1st time xenserver install help
-
Hello, first time post, long time reader.
I have been using pfSense for about 6 months and have grown to love it. As I upgraded hardware, I decided to take a stab at virtualization and have run into a snag.
I have xenserver set up fine, Have also added pfsense to the pool & have access. Throughput is fine. I have, however, ran into a snag on accessing the xencenter in order to modify the server.
The server for xen is 192.168.1.2/24 w/ gateway of 192.168.1.1
The pfsense is setup as 192.168.1.1/24The NICs setup on pfsense are xn0 for wan/ xn1 for lan. These two are using the physical em0/em1 in the server. I also have an additional re0 that is not used on the network.
Playing with Firewall rules I have been able to get access, however it only lasts about 20 seconds prior to disconnecting (during these times the xen server has responded to pings, though not when I am unable to connect to it via the xencenter).
No other VM's working (as I want to be able to manage it over lan thru the pfsense if possible). I know this is probably something simple as a firewall rule or NAT, I'm just at a loss and have not found any results after hours of searching.
This is simply a home build, nothing critical, however this is something I am hoping to figure out with some help. I appreciate your time
-
What IP, netmasks and gateway do you have for your pfSense WAN and LAN?
-
WAN is setup as PPPoE & pulls ip from the provider, LAN is static 192.168.1.1/24
The Xenserver is setup for an IP of 192.168.1.2/24 w/ a Gateway of 192.168.1.1/24
-
I'm not clear on how you have this wired and what you're trying to do. Your main problem is that you can't get reliable access to Xenserver? From what client are you making your attempts?
-
I apologize, the xenserver has 3 NIC's, 1 to the modem, another to a Ubiquiti accesspoint, 1 open.
Normal pfsense webclient access is over wifi (unfortunately where the dsl comes in I am currently physically unable to run cat6 to my main computer).
So my pfsense instance does DHCP for the network, & I have internet/lan access just fine.
My hope is to be able to access the server via their client, xencenter over wifi to be able to make changes should I need (mostly to check logs, etc). However the computer I am attempting to connect to the xenserver through their client is unable to reach the network. This computer is getting its IP via DHCP from the pfsense instance that is running on the xenserver.
I know it is terrible practice to be doing admin changes on pfsense/ xenserver over wifi, unfortunately it is what I have to do for now, unless I want to physically move the server w/out internet to do changes then reconnect dsl/wifi to it.
Currently I have admin roles of xen assigned to the open port, to which I can directly connect to my main computer w/ xencenter to make changes. I had attempted to use the same NIC that pfsense uses for LAN (in which my ubiquiti is connected to), however it doesn't seem to like that (possibly due to pfsense instance using that NIC on 192.168.1.1 & xenserver using same NIC as 192.168.1.2 w/ a gateway of 192.168.1.1)
-
OK, so your pfSense LAN is 192.168.1.1/24. You have it doing DHCP for your wireless clients. Xenserver is at 192.168.1.2. What IP address, netmask, gateway and DNS does the client receive? You should have no problems going to client to client within the same network. pfSense doesn't even come into the equation. Could this be a local firewall issue on the client?
-
The client computer I am attempting to connect to xen from is 192.168.1.5/24 w/ 192.168.1.1 gateway.
I am unable to ping the xenserver from either the computer or within the web interface from the pfsense instance. I have turned off the local firewall on the machine I am attempting to connect from as well.
I appreciate your help!
-
Can the .5 client ping the pfSense LAN at .1? When clients are on the same network, they don't need to go through a router to get to their destination which is why I said that pfSense isn't part of this problem. That's also why I suspect that the Xenserver just doesn't respond to pings. Nothing to do with pfSense since the traffic isn't being passed between pfSense's interfaces.
-
You're correct. As I was digging deeper, I read apparently that a VM cannot access/ping the server (security). Being that I am connecting to the network via wifi (and through pfsense) I am unable to get through to the server. Connecting directly to the physical NIC, I am able to modify just fine.
I appreciate your help, This is definitely a learning process.
-
You are having the shmem-offloading-bug. See https://forum.pfsense.org/index.php?topic=88467.0 (I actually spelled IMPORTANT all-caps in there for a reason :p hah. )
The commands you want for XenServer are the 'xe' commands. Don't reboot pfSense, but shutdown and freshly start the VM after updating the settings. You can use ethtool to test it without rebooting the VM.
