Issue with 2.2.4 and interface configurations.



  • Hi all..  here are the issues im having..

    Context:

    one pfsense 2.2.4 64bit KVM vm on ProxMox 3.x.

    Five NIC's, wit E1K/e1000 1g ports, on five lans, 1 untagged four tagged lans. ( We have pfSense virtual firewalls on the same hypervisor which work fine but are using older versions of pfsense)

    Here's what's  I'm trying to do :

    I have installed pfsense 2.2.4 on the kvm VM without issue, but i have run into problems with nic config.

    with 5 nics ( em0-em3),  ( of which 1 is not tagged as its my office/build lan interface (em3 )-  i can configure it fine,  then I configure each of the additional interfaces via the WebGui and after configuring em2, the web interface times out and i have to use the kvm text cmd line to change the active interface as 'wan' despite the interfaces/ip being correct, once i've done this via the cmd line and reboot, the interfaces 'appear' to be configured but nothing is able to connect, so i again change the active wan to em4 and it configures that nic but removes all the configuration i setup for em0-em3 - - none of these interfaces have a default gw, only em4 - which is my build lan.

    its been driving me mad and my colleague who's looked at it, and used to building pfsense boxes says it shouldn't do this

    Nor am i able to successfully reconfigure the additional interfaces once the web configuration ui resets  - the attached image shows what the cmd line configuration looks like, but when i re-assigned the wan to em3, then it messes up my config and i have to start over again.
    ![Screen Shot 2015-10-21 at 12.00.10.png](/public/imported_attachments/1/Screen Shot 2015-10-21 at 12.00.10.png)
    ![Screen Shot 2015-10-21 at 12.00.10.png_thumb](/public/imported_attachments/1/Screen Shot 2015-10-21 at 12.00.10.png_thumb)



  • @DerekTheGiraffe:

    … but when i re-assigned the wan to em3, then it messes up my config and i have to start over again.

    Why not just leave WAN on em1??

    You could also consider delivering the vlan trunks directly into pfSense, then you'd only need a pair of ports, and em0 becomes a trunked interface with vlans for each of networks you're trying to create.

    You end up with something like this:
    *** Welcome to pfSense 2.2.4-RELEASE-pfSense (amd64) on portal-vm ***

    WAN (wan)      -> em1        -> v4: 72.XXXXXXXXXX/29
    LAN (lan)      -> em0        -> v4: 10.2.94.48/23
                                      v6: XXXXXXXXXX:8bbe:1::1/64
    VOICE (opt1)    -> em0_vlan2  -> v4: 10.2.93.1/24
                                      v6: XXXXXXXXXX:8bbe:2::1/64
    GUEST (opt2)    -> em0_vlan3  -> v4: 172.29.4.1/24
                                      v6: XXXXXXXXXX:8bbe:3::1/64
    LAB (opt4)      -> em0_vlan4  -> v4: 10.2.96.1/24
                                      v6: XXXXXXXXXX:8bbe:4::1/64
    RWNET (opt5)    -> em0_vlan5  -> v4: 10.2.91.1/24
                                      v6: XXXXXXXXXX:8bbe:5::1/64
    HENETV6 (opt6)  -> gif0      -> v6: XXXXXXXXXXXXXXXXXXX::2/128
    KIDZ (opt7)    -> em0_vlan7  -> v4: 10.2.97.1/24
                                      v6: XXXXXXXXXX:8bbe:7::1/64
    0) Logout (SSH only)                  9) pfTop

    1. Assign Interfaces                10) Filter Logs
    2. Set interface(s) IP address      11) Restart webConfigurator
    3. Reset webConfigurator password    12) pfSense Developer Shell
    4. Reset to factory defaults        13) Upgrade from console
    5. Reboot system                    14) Disable Secure Shell (sshd)
    6. Halt system                      15) Restore recent configuration
    7. Ping host                        16) Restart PHP-FPM
    8. Shell

    Enter an option:

    –A.


  • Banned

    Not sure what are you trying to do with VLANs on pfSense when you have configured none there. You have some PEBKAC misconfiguration issue on your (virtual???) switch.



  • AWebster: thanks for your reply.. the reason wan is currently on em3 is because this hardware and platform will be moved to a data centre at some point soon, and em0 will be WAN… im just waiting for the IP details from our network provider until everything is confirmed.

    I configured the nic's in pfsense as per cmd line which was in the screen shot i attached to my original post.

    regarding vlans, my proxMox presents the tagged vlan ports straight into the kvm guest which pfsense is running on by way of each of the nics, em0-3. I didn't see any reason to bring the vlan's straight into pfsense.

    Doktornotor : This 'PEBAK' you speak of - is possible because the 'physical switch' we're actually using to plug the two physical hypervisor servers (proxmox) only turned up this morning and I was trying to do as much 'config' on what I currently had available...

    thanks tho.. will update asap


Log in to reply