I'm currently failing to reach any of the VMs via their interfaces connected to 1.2.3.128/25. I've configured firewall rules to allow ICMP echo requests as well as TCP ports 80 and 443 for destinations in that subnet on the WAN interface. I can see that traffic is blocked when I disable these rules and is passed if I leave them enabled. If I do an HTTP request, I see CLOSED:SYN_SENT/SYN_SENT:CLOSED in pfSense's "Diagnostics: Show States".
I've done a few setups like this. Make sure you have rules allowing the return traffic from OPT to WAN. To make sure you aren't getting bit by your webserver virtual machine routing the return traffic out the other interface (I don't know, it could happen...), try to set up a VM that only connects to vswitch2 and see if you have the same problem. Can you ping the VM from the firewall? Try pinging from each interface on the firewall.
If you can ping it fine when it's only connected to one vswitch, but not when you add the second interface to the VM, it's probably a routing issue on the VM. Do you have default routes set for both interfaces on the webserver? If you do "netstat -rn" you should see entries for both interfaces. Something like this:
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         1.2.3.1         0.0.0.0         UG        0 0          0 eth0
0.0.0.0         1.2.3.129       0.0.0.0         UG        0 0          0 eth1
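The check the reply asks for (does every interface on the dual-homed VM carry a default route?) can be scripted against the output of netstat -rn. The script below is an added example, not part of the thread or of pfSense; the two routing tables it reads are constructed samples modelled on the listing above (the addresses, eth0/eth1 and the header line are assumed), and it expects the eight-column Linux netstat -rn layout. It reports, per interface, which gateway its default route uses, names any interface that has none, and returns non-zero in that case, which is the situation where replies to clients arriving on that interface leave via the other interface's gateway. Note that on Linux a second plain default route does not on its own make replies exit the interface they arrived on; that needs per-interface routing tables (ip rule / ip route ... table), which this checker only diagnoses, not configures.

```shell
#!/bin/sh
# Constructed sample 1 (assumed, not from the thread): both interfaces have a default route.
SAMPLE_BOTH='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         1.2.3.1         0.0.0.0         UG        0 0          0 eth0
0.0.0.0         1.2.3.129       0.0.0.0         UG        0 0          0 eth1
1.2.3.0         0.0.0.0         255.255.255.128 U         0 0          0 eth0
1.2.3.128       0.0.0.0         255.255.255.128 U         0 0          0 eth1'

# Constructed sample 2: only eth0 has a default route; eth1 is on-link only.
SAMPLE_ONE='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         1.2.3.1         0.0.0.0         UG        0 0          0 eth0
1.2.3.0         0.0.0.0         255.255.255.128 U         0 0          0 eth0
1.2.3.128       0.0.0.0         255.255.255.128 U         0 0          0 eth1'

# list_ifaces: interfaces that own a directly connected network (gateway 0.0.0.0,
# destination not the default). Header lines never match because $2 is a word.
list_ifaces() {
    awk '$2 == "0.0.0.0" && $1 != "0.0.0.0" { print $8 }' | sort -u
}

# count_default_routes: number of default routes (destination and genmask both 0.0.0.0).
count_default_routes() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { n++ } END { print n + 0 }'
}

# default_gateway_for IFACE: gateway of the first default route on that interface, or nothing.
default_gateway_for() {
    awk -v i="$1" '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $8 == i { print $2; exit }'
}

# ifaces_without_default: reads a listing on stdin, prints each interface lacking a default route.
ifaces_without_default() {
    table=$(cat)
    for i in $(printf '%s\n' "$table" | list_ifaces); do
        gw=$(printf '%s\n' "$table" | default_gateway_for "$i")
        [ -z "$gw" ] && echo "$i"
    done
    return 0
}

# route_report: reads a listing on stdin, prints one verdict line per interface;
# exit status 0 when every interface has a default route, 1 otherwise.
route_report() {
    table=$(cat)
    for i in $(printf '%s\n' "$table" | list_ifaces); do
        gw=$(printf '%s\n' "$table" | default_gateway_for "$i")
        if [ -n "$gw" ]; then
            echo "$i: default route via $gw"
        else
            echo "$i: NO default route (replies to off-link clients on this side exit via another interface)"
        fi
    done
    missing=$(printf '%s\n' "$table" | ifaces_without_default)
    [ -z "$missing" ]
}

echo "== sample with both defaults =="
printf '%s\n' "$SAMPLE_BOTH" | route_report
echo "== sample with one default =="
printf '%s\n' "$SAMPLE_ONE" | route_report
```

On a live VM, pipe the real table in with `netstat -rn | route_report` (or `ip route` converted to the same columns); the exit status makes it usable from a health check.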
