Hi all, I'm having some confusion with my OPT1 interface. I've found quite a few questions around OPT1 routing, with various solutions too, however none of them seem to be applicable to me. I may be misunderstanding something basic, so please bear with me.
I had pfSense inside KVM, with two virtual NICs, each connected to their corresponding physical NIC. One physical NIC goes to a LAN switch, and the other to a second switch, into which is plugged a DSL modem. I have another KVM host plugged into the same switches. It also runs this VM, and I can migrate back and forth without issue. There's still a single point of failure in each of the switches, and another in the modem, but this is good enough for my needs so that I may patch hosts independently etc. Internet access continues during the migration from host A to host B and vice versa.

I've added a third NIC (eth2 on the KVM hosts), added a bridge in the same way as the others (VMBR2), and presented this to the pfSense VM as a third NIC. I've added this as OPT1, given it an address in the form 192.168.yyy.1 (the address on the LAN interface is 192.168.xxx.1). I've connected these two new physical NICs to a separate switch, in the same manner as the others. Therefore one physical host has three NICs each in a separate switch.

I intend to mirror the functionality of the LAN in OPT1; just having an extra range of addresses to use. For now I'd like LAN machines to be able to contact OPT1 machines and vice-versa.

So the LAN interface still has this rule:

    IPv4 * LAN net * * * * none

And I've added this one to OPT1, just like the OpenVPN interface has:

    IPv4 * * * * * * none

I have a machine plugged into the new switch, 192.168.yyy.60

From an address in 192.168.xxx.0, I can ping 192.168.xxx.1 and 192.168.yyy.1, but *not* 192.168.yyy.60 (destination host unreachable)

On the OPT1 rule, I have "Log packets that are handled by this rule" ticked. Status --> System Logs --> Firewall doesn't contain anything at all for the OPT1 interface. The packet RRD graph for the OPT1 interface shows a lot of "in-block" which I don't understand given how relaxed the rules are.

One odd thing I've noticed is: The VM has three MAC addresses; one for LAN, one for WAN and one for OPT1. Inside pfSense's Status --> Interface, they appear as:

WAN interface (PPPOE1) - 00:00:00:00:00:00 (there is no WAN interface and I don't understand this bit, but fair enough)
LAN interface - has the VM's LAN MAC address, as you might expect.
OPT1 interface - actually has the VM's WAN MAC address (the second interface rather than the third interface)

I did correct the MAC address for OPT1, only for it to break my internet temporarily which a VM restart then fixed. This still hasn't resolved the routing.

Any help is appreciated. If the issue is due to my virtualised setup, I'd be interested to know why the LAN/WAN routing works fine the way it is.

I'm on 32 bit 2.1.4

Many thanks,
Chris