Cannot pass traffic to WAN interface
DeMiNe0 last edited by
I'm setting up a test lab with several VLANs using ESXi 6.0, a small managed switch and pfSense virtualized on top of ESXi. I'm having an issue reaching anything on the outside of the WAN interface from my LAN interface and any of the VLAN interfaces that were created off my LAN interface.
Within ESXi I have two vSwitches created: vSwitch0 and vSwitch1. vSwitch0 contains my pfSense WAN port and uplinks to the physical adapter that is connected to my external network. My external network is a private subnet in my work's network. It provides my pfSense with internet access. My WAN interface has a static IP in the 172.16.x.x subnet. I made sure not to block private or bogon networks in the WAN interface config. From my pfSense shell I can ping any IP on the WAN interface.
vSwitch1 has several port groups:
LAN, which has its VLAN value set to "ALL (4095)". The parent pfSense interface for all my VLANs is assigned to this group.
MGT1, which has its VLAN value set to 2200
SEC1, which has its VLAN value set to 2210
DMZ1, which has its VLAN value set to 2220
STG1, which has its VLAN value set to 2230
vSwitch1 is attached to the physical adaptor on the host that's connected to a small managed switch.
In pfSense I have a LAN interface set up without any VLANs assigned to it. I created VLANs 2200 through 2230 with LAN as the parent interface.
Inter-VLAN routing works within and between VLANs. I tested this by turning packet filtering OFF on pfSense to rule out the firewall rules causing issues. Even with packet filtering completely off, I am still unable to reach the outside. Since turning off packet filtering also turns off NAT, I figured maybe NAT translation wasn't being done and therefore traffic wasn't going outside of the WAN interface. I turned packet filtering back on and made a rule in each of my LAN/VLAN zones to allow ALL to destination "ANY" for ANY protocol. I also made sure outbound NAT was set to automatic. This still didn't fix the issue.
open-vm-tools is installed, and the routing table looks fine as well. Now I'm pretty much stumped as to what it could be. Any ideas on what to try next? I'm including screenshots of my configs here for your reference.
DeMiNe0 last edited by
I found the fix to my issue. The issue was being compounded by one of my troubleshooting steps. When I disabled packet filtering to verify that it wasn't the firewall rules causing the issue, outbound NAT would also be turned off, which won't allow traffic through the WAN. The firewall rules I had were only allowing TCP to flow. I was troubleshooting using PING, which is ICMP.
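The two posts above boil down to one troubleshooting rule: test the LAN-to-WAN path with every protocol your rules are supposed to pass, not just with ping, and remember that disabling packet filtering on pfSense also disables NAT. The script below is an added example, not code from the original thread or from the pfSense project; it probes a target over ICMP, TCP/443 and UDP/53 and turns the three results into a diagnosis. It assumes Linux-style `ping -W`, an `nc` that supports `-z -w`, and `dig` or `nslookup`; the target host and ports are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original post): probe one external host with the
# three protocols a LAN-to-WAN test usually relies on, so a TCP-only rule set
# shows up as "tcp ok, icmp fail" instead of looking like a broken WAN.
# Assumptions: Linux ping(8) (-W timeout), nc(1) with -z/-w, dig(1) or nslookup.

# probe_icmp HOST -> exit 0 if one echo reply arrives within 2 seconds
probe_icmp() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1
}

# probe_tcp HOST PORT -> exit 0 if the TCP handshake completes
probe_tcp() {
    nc -z -w 2 "$1" "$2" >/dev/null 2>&1
}

# probe_dns HOST -> exit 0 if a UDP DNS query to HOST is answered
probe_dns() {
    if command -v dig >/dev/null 2>&1; then
        dig +time=2 +tries=1 @"$1" example.com A >/dev/null 2>&1
    else
        nslookup -timeout=2 example.com "$1" >/dev/null 2>&1
    fi
}

# interpret ICMP TCP UDP -> one-line diagnosis; each argument is "ok" or "fail"
# This is pure string logic so it can be exercised without network access.
interpret() {
    icmp=$1; tcp=$2; udp=$3
    if [ "$icmp" = ok ] && [ "$tcp" = ok ] && [ "$udp" = ok ]; then
        echo "all protocols pass: LAN-to-WAN path, NAT and rules look fine"
    elif [ "$icmp" = fail ] && [ "$tcp" = ok ]; then
        echo "tcp passes but icmp fails: rules on the source interface are probably TCP-only (ping is not a valid test here)"
    elif [ "$icmp" = fail ] && [ "$tcp" = fail ] && [ "$udp" = fail ]; then
        echo "nothing passes: check outbound NAT (disabling packet filtering also disables NAT), routes and the WAN gateway"
    else
        echo "mixed result icmp=$icmp tcp=$tcp udp=$udp: compare each protocol against the rule set"
    fi
}

# Run the probes only when a target is given, e.g.: ./probe.sh 1.1.1.1
# Run this from a host inside the LAN/VLAN whose rules you are testing.
if [ $# -ge 1 ]; then
    host=$1
    i=fail; t=fail; u=fail
    probe_icmp "$host" && i=ok
    probe_tcp "$host" 443 && t=ok
    probe_dns "$host" && u=ok
    echo "icmp=$i tcp/443=$t udp/53=$u"
    interpret "$i" "$t" "$u"
fi
```

Pick a target that answers all three protocols (a public resolver that also serves HTTPS on 443 works); a target that drops ICMP by policy would otherwise look like a TCP-only rule set. If every probe fails while packet filtering is disabled, re-enable filtering before drawing conclusions, because with filtering off there is no outbound NAT and nothing can return from the WAN side.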