Author Topic: [SOLVED] em1 active when only VLANs are used within the interface (Virtualbox)  (Read 359 times)

Offline johnpoz

Re: em1 active when only VLANs are being used within the interface
« Reply #15 on: November 05, 2017, 06:37:41 am »
Congrats on the small lady addition ;)

Been a while since I played with virtualbox.. Isn't current 5.2?  I do recall back in the day that virtualbox liked to strip tags.. So you could have issues if you're sending tagged and untagged traffic to the same nic that is in bridge mode on a switch port that is sending tagged and untagged.. Like I said it's been a bit since I played with virtualbox..

Why not just run a type 1 VM OS on this box?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.2-RELEASE on VM esxi 6.5 (home)

Offline XabiX

Re: em1 active when only VLANs are being used within the interface
« Reply #16 on: November 05, 2017, 09:32:26 am »
> Congrats on the small lady addition ;)

Thank you!

> Been a while since I played with virtualbox.. Isn't current 5.2?  I do recall back in the day that virtualbox liked to strip tags.. So you could have issues if you're sending tagged and untagged traffic to the same nic that is in bridge mode on a switch port that is sending tagged and untagged.. Like I said it's been a bit since I played with virtualbox..
>
> Why not just run a type 1 VM OS on this box?

You are right, it's 5.2, the latest. I started with an Ubuntu server and then added VMs as I needed. It was not designed to be one initially. VirtualBox is free and easy to use, so I didn't think of reinstalling it as a type 1 hypervisor. Not sure how much I will win, and the free options may ask me to invest time in discovering new technology. I tried Xen a while back and it was not that easy. Not sure if it was a true type 1.

Currently on VirtualBox one nic is untagged (public) and the other nic is tagged (private) so I am not mixing tagged and untagged in the same interface but I can try to tag the public one in Pfsense and in the switch.
Still, my issue is more linked to the private interface, where em1 traffic is being discarded in the firewall logs while this interface doesn't exist, only the VLAN ones do. So to me it's a display issue (as I can't stop logging them, since I can't create a fw rule on a nonexistent interface). From a functionality point of view I don't think it's affecting anything (while I noticed web browsing slow with DNSBL, a VIP floating IP address is accessible and DNS lookups are quick).

I was thinking of reinstalling, but last time I exported/imported I even lost quite some configs like static DHCP, DNSBL aka pfBlocker, etc... So not sure I want to redo it all as I have limited free time in the coming weeks lol.

I recall trying to create em1, then having to reboot as I was losing connectivity. Not sure why, but I got some pre-configured fw rules coming from my CAM interface/VLAN. Therefore I tweaked them, but it felt strange to have a fake em1 created for that and I worried that another issue could arise.

Are there any ssh commands that would be worth double checking before attempting to redo a config? I will investigate if there is a better way to do a backup too 😄

I will be back home in 5h, so I will add some screens FYI on the VirtualBox config, which seems pretty standard to me.

Thanks
Pfsense (latest) running on Virtualbox Ubuntu 16.04 with Intel PRO/1000 (82543GC) with 2 Bridge Adapters set with promiscuous mode set to Deny

Offline johnpoz

Re: em1 active when only VLANs are being used within the interface
« Reply #17 on: November 05, 2017, 09:50:29 am »
From what I remember with virtualbox.. So you have these vlan interfaces setup in your host.. Ubuntu?  When you want a VM to see traffic on a vlan interface vm network needs to be set to that vlan.. Not the interface itself.

This way ubuntu is handling the vlan tags and all your VM sees is untagged traffic.. So in pfsense you wouldn't be setting up any vlans at all.. To pfsense it would just be a native interface on that network.

example here is a ubuntu vm of mine that is using vlans..

ifconfig output, just showing a few of the vlan interfaces.

eth0.100  Link encap:Ethernet  HWaddr 00:0c:29:f1:a5:4f 
          inet addr:192.168.5.20  Bcast:192.168.5.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fef1:a54f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19812 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1743092 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1023373 (1.0 MB)  TX bytes:73253925 (73.2 MB)

eth0.200  Link encap:Ethernet  HWaddr 00:0c:29:f1:a5:4f 
          inet addr:192.168.4.20  Bcast:192.168.4.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fef1:a54f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:206991 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1806062 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:12969379 (12.9 MB)  TX bytes:76346840 (76.3 MB)

eth0.300  Link encap:Ethernet  HWaddr 00:0c:29:f1:a5:4f 
          inet addr:192.168.6.20  Bcast:192.168.6.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fef1:a54f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10371 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1754579 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:477066 (477.0 KB)  TX bytes:73692670 (73.6 MB)

See the vlans are setup in ubuntu itself.. You would then bridge these specific interfaces or subinterfaces vlan interfaces, different terms for the same thing.. You would then connect these to your vm via the bridged interface in virtualbox..

From what I remember you wouldn't do this with virtualbox

"em1 with VLANs for the LAN, DMZ and WIFI. "

You would just have the VM with em2, em3, em4 tied to the specific vlans in your virtualbox networking - pfsense would never see any tags, etc.

« Last Edit: November 05, 2017, 09:55:15 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.2-RELEASE on VM esxi 6.5 (home)
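
Added example, not part of the thread and not johnpoz's own commands: a dry-run script for the layout described in the reply above, where the Ubuntu host owns the 802.1Q subinterfaces and each VirtualBox NIC is bridged to one of them so the pfSense guest only sees untagged traffic. The parent NIC `eth0` and VLAN ids 100/200/300 follow the ifconfig output above; the VM name `pfsense` and the first VLAN NIC slot (2) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: host parent NIC "eth0",
# VM named "pfsense", VM NIC 1 kept for the untagged WAN bridge.
PARENT="${PARENT:-eth0}"
VM="${VM:-pfsense}"
FIRST_NIC="${FIRST_NIC:-2}"

# Emit the commands for one VLAN: create the tagged subinterface on the host,
# bring it up, and bridge VM NIC $2 to it. The host adds and removes the
# 802.1Q tag, so the guest sees a plain untagged interface.
vlan_bridge_cmds() {
    v="$1"; n="$2"
    case "$v" in
        ''|*[!0-9]*) echo "bad VLAN id: $v" >&2; return 1 ;;
    esac
    if [ "$v" -lt 1 ] || [ "$v" -gt 4094 ]; then
        echo "VLAN id out of range (1-4094): $v" >&2; return 1
    fi
    echo "sudo ip link add link $PARENT name $PARENT.$v type vlan id $v"
    echo "sudo ip link set dev $PARENT.$v up"
    echo "VBoxManage modifyvm \"$VM\" --nic$n bridged --bridgeadapter$n $PARENT.$v"
}

# Build the full plan for the VLAN ids given as arguments; any invalid id
# fails the whole plan so nothing is half-applied.
build_plan() {
    nic="$FIRST_NIC"
    echo "sudo modprobe 8021q"
    for vid in "$@"; do
        vlan_bridge_cmds "$vid" "$nic" || return 1
        nic=$((nic + 1))
    done
}

# Dry run by default. APPLY=1 executes the plan: run it as the user that owns
# the VM, with the VM powered off. The ip link settings do not survive a
# reboot unless they are also added to the host's network configuration.
main() {
    plan=$(build_plan "$@") || return 1
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$plan" | sh -e
    else
        printf '%s\n' "$plan"
    fi
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it with the VLAN ids as arguments (for example 100 200 300) to print the plan for review before applying anything.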

Offline XabiX

Re: em1 active when only VLANs are being used within the interface
« Reply #18 on: November 05, 2017, 03:50:14 pm »
Again thank you for your active support.
Thanks to you I have solved 2 issues: one is getting better performance and the other is having the VLANs working.

I will therefore move it all to Proxmox after having read a lot about type 1 hypervisors and VLAN tagging with VirtualBox. One of the posts which gives this conclusion without much context is: https://community.ubnt.com/t5/UniFi-Routing-Switching/Solved-How-to-connect-Virtual-Machines-to-a-different-subnet/td-p/1840661 but that summarizes my googling :)

if some people are interested,
http://www.aitek.ch/migrating-virtualbox-vdi-to-proxmox-ve-proxmox-support-forum/
https://rmoff.net/2016/06/07/importing-vmware-and-virtualbox-vms-to-proxmox/
https://pve.proxmox.com/wiki/Network_Model

I will put the thread as solved as the issue is clearly on Virtualbox and that should explain why I was finding Pfsense a little bit slow :)
Pfsense (latest) running on Virtualbox Ubuntu 16.04 with Intel PRO/1000 (82543GC) with 2 Bridge Adapters set with promiscuous mode set to Deny