pfSense not passing web traffic to VM... maybe?

I have a rather complicated config I’m trying to get working for a home lab. I have Proxmox installed on an old gaming rig. Currently I have two VMs on the host: a Win10 VM and a pfSense VM. There are also two bridges configured on the host; vmbr0 connects directly to eth0 and the Windows VM works fine when connected directly to it. There is a second host-only (i.e., not connected to any NIC) bridge named vmbr1. The pfSense VM is connected to vmbr0 and vmbr1 to provide a NAT router to the outside world. However, when the Windows VM is connected to vmbr1 and tries to use the pfSense router as its gateway, that is when weird stuff happens.

Basically I can ping any Internet host I want to within the Windows VM when it’s connected to vmbr1/pfSense, but no web browser (Edge, IE, Firefox) can connect to any webpage. I can also successfully connect via SMB to the host, so obviously some traffic is making it through.

I have not made any changes to pfSense from a default config, other than assigning static addresses to the “WAN” and “LAN” interfaces and changing the default password. One thing to note is that I’m effectively trying to use “double NAT”, as my real router is using NAT to connect to the Internet. However, I’ve successfully done this with ESXi in the past, so I’m not sure what the problem is…

Found the solution, and it’s very stupid. pfSense apparently doesn’t like the virtio virtual NIC. I configured it thinking it would either work, or would completely fail. I didn’t count on it partially working. Once I configured the pfSense VM to use a virtualized Realtek NIC, it started passing web traffic like the effing thing is supposed to.

What a long strange trip it’s been…
