OPNsense Forum

Archive => 15.7 Legacy Series => Topic started by: aareya on August 20, 2015, 11:35:26 pm

Title: [SOLVED] KVM (oVirt) | Can ping public hostnames but can't browse
Post by: aareya on August 20, 2015, 11:35:26 pm

Hello all.

I'm very new to OPNsense. Have a weird issue with default install.

I have an oVirt (ovirt.org) server hosted in a datacenter. I'm trying to setup OPNsense as a "cloud" firewall.

my OPNsense virtual machine is configured with two nics WAN + LAN.
My WAN is configured with a Public IP.
My LAN is configured as 10.0.255.254/16

I have a few other virtual machines configured with one NIC on each which resides on the LAN network.

As stated with the default install of OPNsense with Outbound NAT set to auto I can ping public hostnames such as google.com or yahoo.com but when using a web browser on the LAN VMs I cannot access the internet.

From LAN VMs
using command line
ping google.com > success
ping yahoo.com > success
ping 8.8.8.8 > success
ping 209.244.0.3 > success
telnet google.com 80 > network not reachable

using web browser
URL google.com > page not found
URL 10.0.255.254 > OPNsense web page

From OPNsense
using shell
ping google.com > success
ping yahoo.com > success
ping 8.8.8.8 > success
ping 209.244.0.3 > success
telnet google.com 80 > connected

Am I missing a setting? I not sure why addresses can resolve via command line but are not actually reachable with a browser or telnet.

Any suggestions would be much appreciated.

Title: Re: KVM (oVirt) | Can ping public hostnames but can't browse
Post by: aareya on August 21, 2015, 01:21:55 am

Hello all again. Just figured out the issue. There are some compatibility issues with KVM's VirtIO nic and OPNsense, PFsense, and FreeBSD in general. When setting up nics in oVirt and any other KVM virtualization use nic type e1000 which is Intel's Generic Gigabit profile.

Don't forget to check out oVirt (ovirt.org) if you're looking for a fully open source alternative to ESXi, vSphere, & vCenter.

Title: Re: [SOVLED] KVM (oVirt) | Can ping public hostnames but can't browse
Post by: franco on August 21, 2015, 11:02:30 am

Hi there aareya,

glad that was solved so quickly. If you have any other trouble let us know. :)


Cheers,
Franco

Title: Re: [SOVLED] KVM (oVirt) | Can ping public hostnames but can't browse
Post by: KlaasT on August 28, 2015, 12:48:10 pm

Hi,

I had a similar issue. However I could keep using VirtIO when I disabled hardware checksum offloading and hardware TCP segmentation offloading.

As I read somewhere on the FreeBSD mailinglists there is currently an issue using a virtual FreeBSD with VirtIO and hardware checksum offloading on KVM.

Until I read this I was using Intel e1000 as a virtual NIC however these are really slow.

Maybe this works for you.