Thank you very much meyergru, your tips have been invaluable. I've happily been running this setup for many months and it's proven really solid and reliable.
I just came across an issue recently which is not a show stopper but quite annoying. I noticed that since I recently moved a busy service to the same proxmox host that runs Opnsense, it has become apparent that I get tons of firewall drop events (and the associated log spam). Everything in my setup runs over VLANs on top of bridged interfaces passed to Opnsense (vtnet). And to be clear, everything actually works great, routing is fine, firewall does what it must etc.
It's just that now that I added a dual-homed VM to the same proxmox host (attached to two of the bridges Opnsense uses), I notice somehow Opnsense *also* deals with packets that shouldn't be processed, so I get tons of drops. I get drops for intra-VLAN activity (from/to the same local subnet). And it seems it's like return traffic only (like it's all ACKs, never a SYN). Obviously Opnsense drops these as invalid state/default deny. But again everything actually works and those local flows are fine, it's just the load and spam on the firewall which is annoying. Routing-wise (netmasks, gateways/static routes etc.), everything is correct on all hosts involved. It's not just this new VM either, it happens with random other clients/servers, it's just that this new box is chatty so the issue only now became very apparent.
I'm going to troubleshoot further but in case anyone has a clue that would be much appreciated.
thanks!