Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    KVM, libvirt, qemu and dropped connections

    Scheduled Pinned Locked Moved Virtualization
    1 Posts 1 Posters 809 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      ttsda
      last edited by

      Hi. I'm having some trouble with a kind of odd setup of pfsense.

      I have pfsense running on a KVM virtual machine. I have two qemu bridges, the default one that connects pfsense to the internet behind NAT, and another bridge that is isolated from the internet, and acts as a private network for all the other virtual machines.

      When I set up rules to forward TCP ports from the WAN to some LAN guest, the guest receives the SYN packet, replies with the ACK, but the initiator never receives that ACK, so the connection just hangs there. If I initiate an identical connection from within the pfsense shell it works perfectly, as well if I just make the connection at the hypervisor directly to the guest.

      Example rule:

      rdr on em1 proto tcp from any to 10.10.1.245 port 7777 -> 10.10.2.11 port 7777

      When I initiate a 7777 TCP connection to 10.10.1.245 I can see a SYN packet being received on 10.10.2.11, but can't see a SYNACK being received by the initiator (10.10.1.1).

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.