Netgate Discussion Forum

    Issue with pfsense/vmware/vlans

    Virtualization
    4 Posts 3 Posters 1.7k Views
      tom0123

      Hi Everyone,

      I'm trying to get pfSense running in transparent mode in a VMware ESXi 5.5 environment using VLANs, without much success.

      I've created a port group in ESXi 5.5 passing all VLANs to the pfSense virtual machine (using VLAN ID 4095) and enabled promiscuous mode on that port group. I also set Net.ReversePathFwdCheckPromisc to 1.

      I then installed pfSense and started assigning VLANs. However, I have found that with promiscuous mode enabled, I can't ping anything from the shell of pfSense (or allow inbound). If I disable it, I can do those functions, but I can't get traffic to pass over the bridge (i.e. I can't ping devices on the internal VLAN, but the ARP table is showing their MAC addresses).

      Thoughts?

      Ideally, I also want to put this in HA mode (yes, I know we should look at NAT)

      Thoughts? Recommendations are greatly appreciated.

      Thanks!

      UPDATE: I lose connectivity as soon as the bridge is enabled. If I down the bridge, within a few seconds I can then ping (from the pfSense VM) the devices on both sides.

      Tom

        Raiker

        I use VLANs for my net connections and I have them as physical interfaces on the VM. I mean, VMware tags and untags the traffic and pfSense doesn't know or care what VLAN it's talking to. Do you have many VLANs, where having so many network adapters would be cumbersome?

          tom0123

          All, this was resolved by using two VMware interfaces to send the traffic in and out (i.e. one port group with all VLANs for "in" traffic and one port group for all "out").

          I guess trying to move everything over the one interface caused the VMware layer 2 protection to kick in.

            Nicklas
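          For reference, the ESXi side of the setup discussed in this thread, written out as esxcli commands. This is an added example, not code from the thread, from Netgate or from VMware: it builds the layout tom0123 settled on (two VLAN-ID-4095 port groups on one vSwitch, one for "in" and one for "out") and sets the host option from the first post; the single-port-group attempt from the first post is the same with one trunk_portgroup call. Port group names, the vSwitch name (vSwitch0) and the ESXCLI dry-run variable are assumptions. Two caveats a practitioner would want: a transparent bridge forwards frames whose source MAC belongs to a host behind pfSense, so the port group must accept forged transmits (and MAC changes) as well as promiscuous mode, or the vSwitch drops those frames; and promiscuous mode lets every VM in the port group sniff the whole vSwitch, so only the pfSense VM should be placed in it.

```shell
#!/bin/sh
# Added example (not from the forum thread or from Netgate/VMware).
# ESXi 5.5 shell setup for a pfSense transparent bridge between two VGT
# (VLAN ID 4095) port groups on one vSwitch. Names below are assumptions.
# Set ESXCLI=echo to print the commands instead of running them (dry run).
ESXCLI="${ESXCLI:-esxcli}"
VSWITCH="${VSWITCH:-vSwitch0}"   # assumed vSwitch name

# One trunk port group: carries every VLAN tagged (4095 = virtual guest
# tagging), accepts promiscuous mode so the bridge sees frames not addressed
# to its own vNIC MAC, and accepts forged transmits / MAC changes so the
# vSwitch does not drop bridged frames whose source MAC is a host behind
# pfSense. Put only the pfSense VM in this group: any VM in it can sniff
# everything on the vSwitch.
trunk_portgroup() {
    pg="$1"
    "$ESXCLI" network vswitch standard portgroup add \
        --portgroup-name="$pg" --vswitch-name="$VSWITCH" &&
    "$ESXCLI" network vswitch standard portgroup set \
        --portgroup-name="$pg" --vlan-id=4095 &&
    "$ESXCLI" network vswitch standard portgroup policy security set \
        --portgroup-name="$pg" \
        --allow-promiscuous=true --allow-forged-transmits=true --allow-mac-change=true
}

# Host-wide option from the first post. With value 1 a promiscuous port on a
# vSwitch with several uplinks gets one copy of each frame instead of one per
# uplink; on a single-uplink vSwitch it changes nothing. It is picked up when
# promiscuous mode is enabled on a port group, so set it before creating them
# (or toggle promiscuous mode off and on afterwards).
set_rpf_check_promisc() {
    "$ESXCLI" system settings advanced set -o /Net/ReversePathFwdCheckPromisc -i "$1"
}

# Print the effective security policy so the three Accept settings can be
# confirmed after the change.
show_trunk_portgroup() {
    "$ESXCLI" network vswitch standard portgroup policy security get --portgroup-name="$1"
}

# The resolved layout: one trunk group for "in" and one for "out".
configure_bridge_portgroups() {
    set_rpf_check_promisc 1 &&
    trunk_portgroup "$1" &&
    trunk_portgroup "$2"
}

# Usage on the ESXi shell (assumed names):
#   configure_bridge_portgroups pfsense-bridge-in pfsense-bridge-out
#   show_trunk_portgroup pfsense-bridge-in
```

          Both port groups sit on the same vSwitch; pfSense gets one vNIC in each and bridges the two inside the VM, so the hypervisor never has to forward a frame back out of the same port it arrived on.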

            If you try without VLANs in your config, is bridge mode working?

            Not sure why you would set Net.ReversePathFwdCheckPromisc to 1, as this is discussed in the VMware forum where vSwitches are somehow linked. http://www.chriscolotti.us/vmware/vsphere/interesting-vmware-vswitch-advanced-setting/

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.