4. KVM, libvirt, qemu and dropped connections

KVM, libvirt, qemu and dropped connections

  • T

    Hi. I'm having some trouble with a kind of odd setup of pfsense.

    I have pfsense running on a KVM virtual machine. I have two qemu bridges, the default one that connects pfsense to the internet behind NAT, and another bridge that is isolated from the internet, and acts as a private network for all the other virtual machines.

    When I set up rules to forward TCP ports from the WAN to some LAN guest, the guest receives the SYN packet, replies with the ACK, but the initiator never receives that ACK, so the connection just hangs there. If I initiate an identical connection from within the pfsense shell it works perfectly, as well if I just make the connection at the hypervisor directly to the guest.

    Example rule:

    rdr on em1 proto tcp from any to 10.10.1.245 port 7777 -> 10.10.2.11 port 7777

    When I initiate a 7777 TCP connection to 10.10.1.245 I can see a SYN packet being received on 10.10.2.11, but can't see a SYNACK being received by the initiator (10.10.1.1).

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy