You only need to disable checksum offloading on the hypervisor side of pfSense's interface.
Any interface that does DomU-DomU communication on pfSense's side produces un-checksummed packets which get dropped by PF in BSD.
sudo ethtool -K $interface tx off
where $interface is the VIF on the Xen Dom0 side is enough. Setting TX off on the bridge forces the Dom0 to calculate ALL checksums on ALL packets no matter where the come from or where they are going. This is not a smart idea since it creates a lot of calculations where they might not be needed. So if the pfSense DomU is on vif123.0 you run: sudo ethtool -K vif123.0 tx off
Sorry noob question here,
I am using a Xen implementation on a unraid distribution, when you say Dom0 side are you talking about the VIF that is spun up with the PFsense VM ? Like when i ifconfig to list my interfaces I just don't really know how to identify the interface you are referring to.
Sorry for the noob question again
Basically, when Xen starts a VM, the Domain ID gets appended to the VIF name. So if you start pfSense and it gets domain ID 123, the name you will see in ifconfig is something like vif123.0 for the first interface, vif123.1 for the second interface, etc. Sometimes, there are double interfaces, one with -emu on it, so you'd have vif123.0-emu as well.
So, if you are running non-enterprise Xen, you use XL or XM, and you can list your domains, like: sudo xl list. That will show you all domU's, and the ID's. Using ethtool you can then set the interface options.
You can also edit the vif-up scripts, or whatever vif-script is configured for your Xen setup, and have it do the ethtool magic when the interface is setup at domain startup.
It's all here:
I recently just rebuilt my test stack and all I did was the tx and rx on every NIC which is still probably more than is necessary but it worked.
Yes, but that usually applies to XE and not XM or XL installations
Both are important of course, but the people using Xen sometimes don't know what they have :p so we need to know what they are using to give any useful comment :p