Stupid problem - NAT not working just after default installation - RESOLVED



  • Hello,
    I have spent a lot of time trying to setup pfSense in Proxmox VE, it seemed to be simple task, but it is not unfortunately…
    pfSense run as the simplest virtual machine. Installation went smoothly, after all those hours I at least know what not work, but I cannot find any solution for that.
    I applied all customizations which I found - I turned off TX Offload (in pfSense and in Proxmox host), disabled rp_filter in Proxmox, tried to set set up LAN and WAN as VLANs on single NIC, on different NICs, tried to set LAN & WAN without VLANs, just on bridge to eth, result is always the same. I also tried to make manual NAT rules in pfSense, without success.
    Ping from shell or webconfigurator using default or WAN interface works as expected. It is seen on external machine with pfSense external IP address.
    Ping from machine in LAN to pfSense LAN - of course works.
    Ping from chine in LAN to pfSense WAN - also works.
    Ping from LAN (machine connected to LAN interface or from webconfigurator using LAN output interface) does not reply, that is seen with internal (LAN) address, so my conclusion is that pfSense does not do NAT.
    See attachments, I have rules for NAT, rules for outbound traffic from LAN set up - those are default after clean installation. IP Legend:
    10.1.103.101 - host connected to pfSense LAN (via vmbr in Proxmox)
    10.1.103.251 - pfSense LAN
    xx.yy.zz.253 - pfSense WAN
    xx.yy.zz.250 - another machine in xx.yy.zz subnet, where I run iptraf to check ICMP traffic.

    Maybe someone has a solution for that or comes into same problem?

    Many thanks,
    Artur





  • I finally find out the solution  ::)
    After hours I checked eventually that I had turned off virtualization in test machine I used - it seems that not everything working with this turned off. When virtualization in BIOS was set to off NAT does not work, with virtualization On - it works without problems.
    Strange for me, but true.
    Best,
    Artur



  • Weird.  Most modern hypervisors will complain loudly if the virtualization extensions aren't enabled.