
I have a few VMs (homelab) virtualized with KVM (CentOS 7) and connected to my home network. Lately I tried to isolate them by putting them in a separate network, and I wanted to do so with a virtualized pfsense on the same host as the other VMs.

First I created an isolated network in virt-manager for my lab hosts.

Then I created a VM with 2 NICs and installed pfsense. One interface has the address 192.168.1.100 (home LAN) and the other one 10.13.37.1 (lab network).

pfsense XML dump:

<interface type='direct'>
  <mac address='52:54:00:52:37:3f'/>
  <source dev='enp1s0' mode='bridge'/>
  <target dev='macvtap0'/>
  <model type='virtio'/>
  <alias name='net0'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<interface type='network'>
  <mac address='52:54:00:65:58:d6'/>
  <source network='lab' bridge='virbr1'/>
  <target dev='vnet1'/>
  <model type='virtio'/>
  <alias name='net1'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</interface>

I moved one of my VMs (test server) to the internal pfsense network and set the pfsense IP address as the gateway, to test whether I would be able to connect to the internet.

test server (10.13.37.54) XML dump:

<interface type='network'>
  <mac address='52:54:00:eb:ce:db'/>
  <source network='lab' bridge='virbr1'/>
  <target dev='vnet0'/>
  <model type='virtio'/>
  <alias name='net0'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

There is a www server running on the test server and I can curl it (curl http://10.13.37.54) from the pfsense VM, so the internal network is working fine. I also have an internet connection on the pfsense VM (I can update the OS and, for example, curl http://google.com). From the test server I can ping pfsense and google.com, but when I try to curl http://google.com I constantly get timeouts for some reason (same for other sites). I can resolve the google.com domain to an IP, so DNS (UDP packets) is working fine, but I can't establish the TCP 3-way handshake: I'm sending a SYN packet but not getting anything back. Here's what the packet capture from the internal lab network looks like (captured on pfsense):

  • So it sounds like you need to focus on pfsense. Can you provide specific reference(s) you used to set up pfsense please. E.g. to start with, where did you obtain pfsense from, also you haven't mentioned what version of pfsense. From my perspective I'm not saying you did something wrong, but I don't really know anything about using pfsense, so I can't even make any educated guess about what you did yet :-). Commented Mar 10, 2019 at 12:58
  • Did you check the logs? I assume this document is relevant to your pfsense system: docs.netgate.com/pfsense/en/latest/firewall/… Commented Mar 10, 2019 at 13:02
  • I did not use any specific guide to set pfsense up. I just configured IPs on the interfaces and made a rule on the firewall to pass all traffic, temporarily. Here's how the firewall rules look. Commented Mar 10, 2019 at 13:18

1 Answer


I've got the answer on the other forum: it turns out that all I had to do was disable hardware checksum offload (link to the documentation).
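Added example, not part of the question or the answer above: a small Python checker that recomputes TCP checksums the way a capture tool does, so a capture like the one taken on pfsense can be checked for segments whose checksum was never filled in. With hardware checksum offload enabled, the guest hands the virtual NIC a segment whose checksum field it expects the hardware to compute, so a capture taken on that host shows the checksum as incorrect; the addresses, ports and the zeroed checksum below are constructed sample values.

```python
import struct
from ipaddress import IPv4Address
from typing import Optional

TCP_PROTO = 6

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum as used by the IP, TCP and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the TCP segment (checksum field zeroed)."""
    pseudo = (IPv4Address(src).packed + IPv4Address(dst).packed
              + struct.pack("!BBH", 0, TCP_PROTO, len(segment)))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF

def check_tcp_segment(src: str, dst: str, segment: bytes) -> dict:
    """Compare the checksum stored in a captured segment with a recomputed one."""
    stored = struct.unpack("!H", segment[16:18])[0]
    computed = tcp_checksum(src, dst, segment)
    return {"stored": stored, "computed": computed, "valid": stored == computed}

def build_syn(src: str, dst: str, sport: int, dport: int,
              checksum: Optional[int] = None) -> bytes:
    """Constructed 20-byte TCP SYN (no options); checksum=None fills in a correct one."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    if checksum is None:
        checksum = tcp_checksum(src, dst, hdr)
    return hdr[:16] + struct.pack("!H", checksum) + hdr[18:]

# Constructed sample: the lab host 10.13.37.54 opening port 80 on a web server.
# 203.0.113.10 is a documentation address standing in for the real destination.
LAB_HOST, WEB_SERVER = "10.13.37.54", "203.0.113.10"
GOOD_SYN = build_syn(LAB_HOST, WEB_SERVER, 40000, 80)
# Checksum left at zero, as a guest does when it expects the NIC to fill it in.
OFFLOADED_SYN = build_syn(LAB_HOST, WEB_SERVER, 40000, 80, checksum=0)

if __name__ == "__main__":
    for name, seg in (("good SYN", GOOD_SYN), ("offloaded SYN", OFFLOADED_SYN)):
        r = check_tcp_segment(LAB_HOST, WEB_SERVER, seg)
        print(f"{name}: stored=0x{r['stored']:04x} computed=0x{r['computed']:04x} valid={r['valid']}")
```

A run of bad checksums on segments leaving the firewall, while inbound ones verify, points at offload on the sending side rather than at a firewall rule.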
