Hi,
I'm trying to install a pfsense as a gateway/router for my local network.
In theory, my plan is quite simple:
I have a Fritzbox used as a modem connected to my switch in VLAN.
My normal network is in another VLAN.
So I have setup two nics to pfsense on bridge vmbr0, one with no VLAN tag (home net), one with the modems tag.
The Internet seems to work fine, I can surf and setup Portforwards to hosts NOT on Proxmox and it works too.
However, if I try to setup a port forward to any of the other VM's I can't get a connection.
I changed the gateway on my other VM to the pfsense ip and I can connect to the internet.
However, if I try to connect trough the nat forward I can't get a connection.
Any Idea what might be wrong?
== EDIT ==
I replicated this setup in a virtual pve instance (in VMware player) and had the same problem.
Turns out that pfsense drops packets when using virtio with hardware checksum offload, but only if those packets never crossed a physical network (as was the case in all non-working cases) because the checksum is not calculated.
Disabling hardware checksumming/switching to Intel e1000 immediately solves the issue in my virtual pve however, I have to test on my real pve tomorrow.
In case someone has the same issue:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059
https://forum.pfsense.org/index.php?topic=88467.0
Took me some time searching in the wrong direction until I found this.
I'm trying to install a pfsense as a gateway/router for my local network.
In theory, my plan is quite simple:
I have a Fritzbox used as a modem connected to my switch in VLAN.
My normal network is in another VLAN.
So I have setup two nics to pfsense on bridge vmbr0, one with no VLAN tag (home net), one with the modems tag.
The Internet seems to work fine, I can surf and setup Portforwards to hosts NOT on Proxmox and it works too.
However, if I try to setup a port forward to any of the other VM's I can't get a connection.
I changed the gateway on my other VM to the pfsense ip and I can connect to the internet.
However, if I try to connect trough the nat forward I can't get a connection.
Any Idea what might be wrong?
== EDIT ==
I replicated this setup in a virtual pve instance (in VMware player) and had the same problem.
Turns out that pfsense drops packets when using virtio with hardware checksum offload, but only if those packets never crossed a physical network (as was the case in all non-working cases) because the checksum is not calculated.
Disabling hardware checksumming/switching to Intel e1000 immediately solves the issue in my virtual pve however, I have to test on my real pve tomorrow.
In case someone has the same issue:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059
https://forum.pfsense.org/index.php?topic=88467.0
Took me some time searching in the wrong direction until I found this.
Last edited:
