Netgate Discussion Forum

    Unable to port forward, PFSense 2.2.4, XenServer 6.5.0 w/TX offload disabled.

      thedarb

      Can't get port forwarding to work for the life of me today.

      PFSense 2.2.4
      XenServer 6.5.0-90233c (xenenterprise)

      Followed instructions found here:
      "IMPORTANT: Xen/KVM networking will not work on 2.2 using default hypervisor settings!"
      https://forum.pfsense.org/index.php?topic=88467.0

      Permanent disable set via:
      Then modify those VIF UUIDs with these settings:

      [root@vm007 scripts]# xe vif-list vm-name-label="XXXX-Router"
      uuid ( RO)            : 0cf077ef-372e-3dd9-1df4-89ae481b50b2
              vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
                device ( RO): 0
          network-uuid ( RO): f31b94e5-6e0c-27be-3ace-89e108b19754

      uuid ( RO)            : 14f0441c-f478-febd-db07-e6bad73fd1c6
              vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
                device ( RO): 1
          network-uuid ( RO): 02cc5df6-7288-35be-da00-692c7462feae

      uuid ( RO)            : fce7c595-7885-102f-c934-5bb761f0b7cb
              vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
                device ( RO): 2
          network-uuid ( RO): 69bffc0e-0a05-dbf1-f69b-a7fad0ff6151

      [root@vm007 scripts]# xe vif-param-set uuid=0cf077ef-372e-3dd9-1df4-89ae481b50b2 other-config:ethtool-tx="off"
      [root@vm007 scripts]# xe vif-param-set uuid=14f0441c-f478-febd-db07-e6bad73fd1c6 other-config:ethtool-tx="off"
      [root@vm007 scripts]# xe vif-param-set uuid=fce7c595-7885-102f-c934-5bb761f0b7cb other-config:ethtool-tx="off"

      All hardware offloading also disabled in PFSense via System:Advanced:Networking.

      Can't make a simple port forward for ssh work:

      NAT rule:
      WAN:TCP:::*:2220:10.25.129.20:22:App01

      Associated Firewall rule:
      :IPv4:*:*10.25.129.20:22:8:none: :NAT App01

      10.25.129.20 can ping router (on LAN 10.25.129.254)
      Router can ping 10.25.129.20

      My system can ssh into router.
      Shell on router can ssh to 10.25.129.20.

      My system cannot ssh into 10.25.129.20 via:
      ssh xxxx@router-ip -p 2220

      Nor can my system telnet to the port:
      telnet router-ip 2220

      Both just time out.

      I try to watch the pf log, but it's getting overrun with multicast traffic on the corp net (WAN)… so I can't see what's happening.

      What am I doing wrong?
      vifs.txt
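
An added example, not part of the original post and not pfSense or XenServer project code: a dom0 shell function that audits whether the other-config:ethtool-tx="off" override set above is present on every VIF of a VM. It assumes the xe CLI is on the PATH; the function name check_vif_tx_offload is hypothetical.

```shell
#!/bin/sh
# Added example: audit the ethtool-tx override on every VIF of one VM.
# Intended for the XenServer dom0 shell, where the xe CLI is available.
# Usage: check_vif_tx_offload "XXXX-Router"

# Prints "<vif-uuid> <value>" for each VIF of the named VM.
# Returns 0 only if every VIF has ethtool-tx set to "off",
# 1 if any VIF lacks the override, 2 if no VIFs were found.
check_vif_tx_offload() {
    vm_label=$1

    # --minimal returns the UUIDs as one comma-separated line.
    uuids=$(xe vif-list vm-name-label="$vm_label" params=uuid --minimal) || return 2
    [ -n "$uuids" ] || { echo "no VIFs found for $vm_label" >&2; return 2; }

    status=0
    for uuid in $(printf '%s' "$uuids" | tr ',' ' '); do
        # param-get fails when the key was never set; report that as "unset".
        val=$(xe vif-param-get uuid="$uuid" param-name=other-config \
              param-key=ethtool-tx 2>/dev/null) || val=unset
        echo "$uuid $val"
        [ "$val" = "off" ] || status=1
    done
    return $status
}
```

A non-zero return points at a VIF that was added or recreated after the override was applied, which is worth ruling out before debugging the NAT rule itself.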

        thedarb

        Is there no one who can help?
