NAT and pfSense

G

gpw928

New Member
Nov 27, 2017
2
0
1
71
Hi,

Please forgive me if this is slightly off topic, but the synergy is strong...

I have a KVM server running Debian 9.2.

There are two guests, one straight FreeBSD 11.1, the other pfSense 2.4.2 (also FreeBSD 11.1).

The KVM server has a NIC on the local LAN, and it's got a software bridge (br0) to allow the server and all the guests to communicate with each other on the LAN.

The pfSense firewall is working fine for all LAN resident clients not associated with the bridge on the KVM server. For the KVM server and the straight FreeBSD 11.1 system only, I can see TCP connections to the Internet start with a SYN packet out the default gateway, enter the pfSense firewall via the bridge, and be re-transmitted out the WAN. Then I see several re-transmissions of the SYN packet before the connection times out. The expected SYN/ACK response never arrives. NAT (or masquerading) appears to be not working for hosts connected to the bridge.

Anyone seen this with pfSense on Proxmox?

Thanks,
 
I am not sure about the issue you are having, but I had problems with pfsense and tried virtualpf which has been working fine over a year now.
ref: virtualpf . com
 
pfsense is just fine. virtualpf is a fork 4 years old doesnt look that mature compared to pf sense with its massive active development.
that said

whats exactly the config of your pf sense?
you have only one nic on the kvm host? how did you configure wan and lan interface on the pfsense?
where is your gateway?

sounds like you have a nat problem
 
Hi,

It certainly looks like a NAT problem, but my understanding of NAT is that it apples to all packets forwarded out through a given interface -- and that is not the case that I have. Some hosts on my LAN are getting through to the Internet without problems. Some (associated with the KVM bridge) are not.

There is only one NIC because the WAN is connected to a 3G cellular mobile network via ppp0.

I have posted the configuration on the psSense forum -- to which I am not permitted to link. So google "pfsense forum" and search for "LAN clients on KVM bridge can't connect through firewall".

Cheers,
 
I just run in to this problem with the latest pfSense on latest Proxmox. WAN clients can't access any LAN Containers on the local Proxmox node.

I have been scratching my head with this one for a while but then moved the LAN Containers on another Proxmox node and they started to connect with pfSense.

Seems like "boomerang" NAT is not working.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back