[SOLVED] the pfSense doesn't work corectly

marcinr_92

New Member
Jan 2, 2021
12
0
1
30
Hello All,

This is my startup config for proxmox(nothing special)
1612609261188.png
The problem:
Below I present the architecture of my solution. The problem is that the pfsense router does not respond to ping from VM1 and VM2, but when I use ping from pfSesne to VM1/VM2 the virtual machines respond. I would like the re1 (lab) interface in pfSesne to be the default gateway for vm1 and vm2, I want to provide routing as well.

1612610081288.png

Below i put VM's config:

#####################################################################################
pfSense:
1612609575382.png

#####################################################################################
VM1
IP: 192.168.10.106
GW: 192.168.10.254
1612609501377.png

#####################################################################################
VM2
IP: 192.168.10.107
GW: 192.168.10.254
1612609548665.png



I say immediately, I've tried to disable firewall on pfSesne from shell :)
 

Attachments

  • 1612609324392.png
    1612609324392.png
    53.7 KB · Views: 7

bobmc

Renowned Member
May 17, 2018
632
105
63
65
I have a similar setup which works fine. However I have the management IP on vmbr199, vmbr0 is exclusive to pfSense.

Question? Can the VM's ping each other? Do you see any firewall traffic at all on the pfSense logs?

edit: think it's to do with the gateway on the host being on vmbr0 - if you can I'd suggest trying to put the management IP and gateway on the LAN side - or at least put the default gateway as 192.168.10.254 on vmbr199 and remove the gateway on vmbr0 (Proxmox GUI won't let you assign multiple gateways)
 
Last edited:

marcinr_92

New Member
Jan 2, 2021
12
0
1
30
I have a similar setup which works fine. However I have the management IP on vmbr199, vmbr0 is exclusive to pfSense.

Question? Can the VM's ping each other? Do you see any firewall traffic at all on the pfSense logs?

it's funny because it just started working.

There must have been some problem with communication on L3 level: /, do you have some nice source of information how to provide routing now? The last question is, whose firewall should I use? provided by proxmox or pfSense?



edit:
Noo.. still the same... i'm completely confused

it seems that the problem appears when adding the second vmbr199 interface, it works for a while, then all communication to virtual machines and GUI disappears

@bobmc yes, the machines can ping each other
 
Last edited:

datdenkikniet

Member
Mar 28, 2020
22
4
8
23
Disabling hardware offloading in PfSense (in "Avanced > Networking"), sometimes helps (also described in this thread).

While it seemed to only really help when the virtio driver is used, it might still do the trick
 
Last edited:

bobmc

Renowned Member
May 17, 2018
632
105
63
65
I think to make this work in this configuration, you would need to make changes to the routing tables on the host and the pfsense VM

Can I ask why the host needs to be on the WAN side of the network? If you were to put the host mamagement IP on the LAN side then the host would be protected by the pfSense firewall. If you need access to the proxmox host from the WAN side, you can setup port-forwarding on pfSense.
 
  • Like
Reactions: marcinr_92

marcinr_92

New Member
Jan 2, 2021
12
0
1
30
Ok, sure I'm getting closer to the solution.

Every time a new one adds an interface and I turn it on, it automatically turns on the firewall on all interfaces. When the firewall is turned off, the hosts have no problem communicating in both directions.

I turn off the firewall with "pfctl -d", when I turn it on using "pfctl -e" there is no communication. It makes sense to me, but why does it cut all my traffic when I turn on the new interface? even to webGUI

The above problem implies that every time my traffic disappears, whether to the web gui or to the network interface, I have to turn off the firewall
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!