Unable to port forward, PFSense 2.2.4, XenServer 6.5.0 w/TX offload disabled.

  • Cant get port forwarding to work for the life of me today.

    PFSense 2.2.4
    XenServer 6.5.0-90233c (xenenterprise)

    Followed instructions found here:
    "IMPORTANT: Xen/KVM networking will not work on 2.2 using default hypervisor settings!"

    Permanent disable set via:
    Then modify those VIF UUID's with this settings:

    [root@vm007 scripts]# xe vif-list vm-name-label="XXXX-Router"
    uuid ( RO)            : 0cf077ef-372e-3dd9-1df4-89ae481b50b2
            vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
              device ( RO): 0
        network-uuid ( RO): f31b94e5-6e0c-27be-3ace-89e108b19754

    uuid ( RO)            : 14f0441c-f478-febd-db07-e6bad73fd1c6
            vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
              device ( RO): 1
        network-uuid ( RO): 02cc5df6-7288-35be-da00-692c7462feae

    uuid ( RO)            : fce7c595-7885-102f-c934-5bb761f0b7cb
            vm-uuid ( RO): 0a3e780c-0575-4f5e-2f1b-0b235d6d3f25
              device ( RO): 2
        network-uuid ( RO): 69bffc0e-0a05-dbf1-f69b-a7fad0ff6151

    [root@vm007 scripts]# xe vif-param-set uuid=0cf077ef-372e-3dd9-1df4-89ae481b50b2 other-config:ethtool-tx="off"
    [root@vm007 scripts]# xe vif-param-set uuid=14f0441c-f478-febd-db07-e6bad73fd1c6 other-config:ethtool-tx="off"
    [root@vm007 scripts]# xe vif-param-set uuid=fce7c595-7885-102f-c934-5bb761f0b7cb other-config:ethtool-tx="off"

    All hardware offloading also disabled in PFSense via System:Advanced:Networking.

    Can't make a simple port forward for ssh work:

    NAT rule:

    Associated Firewall rule:
    :IPv4:*:* :NAT App01 can ping router (on LAN
    Router can ping

    My system can ssh into router.
    Shell on router can ssh to

    My system cannot ssh into via:
    ssh xxxx@router-ip -p 2220

    Nor can my system telnet to the port:
    telnet router-ip 2220

    Both just time out.

    I try to watch the pf log, but it's getting overrun with multicast traffic on the corp net (WAN)… so I can't see what's happening.

    What am I doing wrong?

  • Is there no one who can help?

Log in to reply