Unable to port forward, PFSense 2.2.4, XenServer 6.5.0 w/TX offload disabled.

  • Can't get port forwarding to work for the life of me today.

    PFSense 2.2.4
    XenServer 6.5.0-90233c (xenenterprise)

    Followed instructions found here:
    "IMPORTANT: Xen/KVM networking will not work on 2.2 using default hypervisor settings!"
    https://forum.pfsense.org/index.php?topic=88467.0

    Permanent disable set via:
    Then modify those VIF UUIDs with these settings:

    [root@vm007 scripts]# xe vif-list vm-name-label="XXXX-Router"
    uuid ( RO)            : 0cf077ef-372e-3dd9-1df4-89ae481b50b2
            vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
              device ( RO): 0
        network-uuid ( RO): f31b94e5-6e0c-27be-3ace-89e108b19754

    uuid ( RO)            : 14f0441c-f478-febd-db07-e6bad73fd1c6
            vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
              device ( RO): 1
        network-uuid ( RO): 02cc5df6-7288-35be-da00-692c7462feae

    uuid ( RO)            : fce7c595-7885-102f-c934-5bb761f0b7cb
            vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
              device ( RO): 2
        network-uuid ( RO): 69bffc0e-0a05-dbf1-f69b-a7fad0ff6151

    [root@vm007 scripts]# xe vif-param-set uuid=0cf077ef-372e-3dd9-1df4-89ae481b50b2 other-config:ethtool-tx="off"
    [root@vm007 scripts]# xe vif-param-set uuid=14f0441c-f478-febd-db07-e6bad73fd1c6 other-config:ethtool-tx="off"
    [root@vm007 scripts]# xe vif-param-set uuid=fce7c595-7885-102f-c934-5bb761f0b7cb other-config:ethtool-tx="off"

    All hardware offloading also disabled in PFSense via System:Advanced:Networking.

    Can't make a simple port forward for ssh work:

    NAT rule:
    WAN:TCP:::*:2220:10.25.129.20:22:App01

    Associated Firewall rule:
    :IPv4:*:*10.25.129.20:22:8:none: :NAT App01

    10.25.129.20 can ping router (on LAN 10.25.129.254)
    Router can ping 10.25.129.20

    My system can ssh into router.
    Shell on router can ssh to 10.25.129.20.

    My system cannot ssh into 10.25.129.20 via:
    ssh xxxx@router-ip -p 2220

    Nor can my system telnet to the port:
    telnet router-ip 2220

    Both just time out.

    I try to watch the pf log, but it's getting overrun with multicast traffic on the corp net (WAN)… so I can't see what's happening.

    What am I doing wrong?
    vifs.txt
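One way to script the per-VIF step from the thread linked above, so that every VIF of the router VM gets `other-config:ethtool-tx=off` and the setting is read back afterwards instead of being pasted UUID by UUID. This is an added example, not code from the original post or from pfSense/XenServer; it assumes the XenServer `xe` CLI is on PATH (`XE=echo` gives a dry run), and the embedded VIF listing is a constructed sample copied from the post's output.

```shell
#!/bin/sh
# Added example, not code from the original post: disable TX checksum offload
# on every VIF of a XenServer VM, then read the setting back to confirm it stuck.
# Assumes the XenServer `xe` CLI is on PATH; set XE=echo for a dry run.

XE="${XE:-xe}"

# Constructed sample: the first two VIFs from the `xe vif-list` output in the post.
SAMPLE_VIF_LIST='uuid ( RO)            : 0cf077ef-372e-3dd9-1df4-89ae481b50b2
        vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
          device ( RO): 0
    network-uuid ( RO): f31b94e5-6e0c-27be-3ace-89e108b19754

uuid ( RO)            : 14f0441c-f478-febd-db07-e6bad73fd1c6
        vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
          device ( RO): 1
    network-uuid ( RO): 02cc5df6-7288-35be-da00-692c7462feae'

# Keep only the VIF "uuid ( RO)" lines from `xe vif-list` output on stdin
# (the vm-uuid and network-uuid lines are anchored out) and print one UUID per line.
vif_uuids_from_list() {
    sed -n 's/^ *uuid ( RO) *: *\([0-9a-f-]*\).*/\1/p'
}

# Read VIF UUIDs from stdin and disable TX checksum offload on each one.
disable_tx_offload() {
    while read -r uuid; do
        [ -n "$uuid" ] || continue
        "$XE" vif-param-set uuid="$uuid" other-config:ethtool-tx="off"
    done
}

# Read VIF UUIDs from stdin and print "<uuid>=<ethtool-tx value>" for each,
# so the result can be checked before rebooting the VM.
show_tx_offload() {
    while read -r uuid; do
        [ -n "$uuid" ] || continue
        printf '%s=%s\n' "$uuid" \
            "$("$XE" vif-param-get uuid="$uuid" param-name=other-config param-key=ethtool-tx)"
    done
}

# Whole procedure for one VM by name label, e.g. disable_tx_offload_for_vm "XXXX-Router".
# The new value is picked up when the VIFs are next plugged, i.e. after a VM reboot.
disable_tx_offload_for_vm() {
    "$XE" vif-list vm-name-label="$1" | vif_uuids_from_list | disable_tx_offload
    "$XE" vif-list vm-name-label="$1" | vif_uuids_from_list | show_tx_offload
}

# Dry run when invoked with XE=echo: prints the vif-param-set commands it would run
# against the sample listing instead of touching the hypervisor.
if [ "$XE" = "echo" ]; then
    printf '%s\n' "$SAMPLE_VIF_LIST" | vif_uuids_from_list | disable_tx_offload
fi
```

Run it on the XenServer host as `XE=echo sh disable_tx.sh` first to see the exact commands, then source it and call `disable_tx_offload_for_vm "XXXX-Router"`; the second listing it prints should show `ethtool-tx` as `off` for every VIF before the VM is rebooted.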

  • Is there no one who can help?