Static route all host and local KVM traffic via local pfSense KVM before routing to gw
Trying to logically force ALL laptop traffic (from local KVMs and host) through a local pfSense KVM before leaving the host (Fedora). Still want DHCP from the router. I've made significant progress but the routing is giving me grief. Not worried about persisting reboot, I can figure that out later. Open to other methods, but prefer native/efficient solutions. Here's what I have so far.
Desired logical route:

    Host \
          ---> pfSense (KVM) ---> wlp2s0 ---> WAP
    KVMs /

Added wifi interface to virtual bridge:

    iw dev wlp2s0 set 4addr on
    brctl addif vmbr2 wlp2s0

vmbr2
- 192.168.1.254/24
- vnet0 (KVM pfSense WAN interface 192.168.0.254/24)
- wlp2s0 (192.168.0.106/24, gateway at 192.168.0.1/24)

vmbr3
- 192.168.1.254/24
- vnet1 (KVM pfSense LAN interface 192.168.1.1/24)

Deleted all ip routes, then added static, source-based routing using commands:

    echo 200 pfWANout >>/etc/iproute2/rt_tables
    ip rule add from 192.168.0.0/24 lookup pfWANout
    ip route add 192.168.0.1 dev wlp2s0 table 200
    echo 201 pfLANin >>/etc/iproute2/rt_tables
    ip rule add from 192.168.1.0/24 lookup pfLANin
    ip route add 192.168.1.1 dev vmbr3 table 201

fedora routing kvm pfsense
asked Mar 17 '18 at 8:45 by primohacker (edited Mar 17 '18 at 17:52)
2 Answers
Throwing in the towel for now. I would really like to connect with anyone who is trying this, feel free to comment on this thread even if it grows old. I have found some pages on the interwebs where neckbeards say they figured this out, but there is little elaboration. Here's my current progress with some resources in case someone else is trying this too.
Standard ip routing seems to be the ticket (instead of source-based routing). Still not sure how to configure so that eth/wlan routes are added when connecting to routers with different subnets, but not add any other routes that would bypass pfSense. Could just let them populate and manipulate the pfSense default route metric, but good luck making sense of your routing table when you start standing up more KVMs. There must be a cleaner way.
Getting wlan to connect to virtual bridge is infuriating. 4addr method requires accommodating WAP configuration, which essentially defeats the purpose. Didn't try installing wlan_kabel, which may work.
https://askubuntu.com/questions/155041/bridging-loosing-wlan-network-connection-with-4addr-on-option-why/277228
https://github.com/escitalopram/wlan_kabel
This has turned into a never-ending project. 1 step forward and 4 steps back. Very difficult to wrap your head around host configs, KVM, routing, networking, switching, and pfSense configuration. I've learned a ton, so that part is a success, but after 50 plus hours I'm calling this one quits... for now. Again, feel free to comment on this thread even if it grows old.
answered Mar 18 '18 at 5:05 by primohacker
- IPv4 forwarding needs to be enabled.
- Don't assign an IP to anything between your physical NIC and the pfSense WAN interface.
- Let pfSense get its DHCP assignment from the AP.
- Assign a static IP to pfSense LAN interface and enable DHCP server from pfSense to LAN.
- Enable DHCP client on vmbr3.
- Enable DHCP client on all subsequent KVM domains added to vmbr3.
answered 2 days ago by Alex
Comment: Thanks for the reply Alex. I’ll give it a try as my schedule allows. – primohacker, 2 days ago
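
A way to verify the end state the thread is after (no host address on the WAN side, no route that leaves the host without crossing pfSense), as an added example that is not part of the original question or answers. Interface names and addresses come from the question; the function names, the sample `ip` output, and the rule that any route not on vmbr3 counts as a bypass are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit host addressing and routes for paths around the pfSense VM.
PF_LAN_IP=192.168.1.1      # pfSense LAN address (from the question)
LAN_BRIDGE=vmbr3           # bridge shared by the host and the guest VMs
WAN_SIDE="wlp2s0 vmbr2"    # everything between the physical NIC and pfSense WAN

# stdin: `ip -o -4 addr show`. Prints "iface addr" for WAN-side interfaces
# that hold an IPv4 address (they should hold none).
addressed_wan_ifaces() {
    awk -v list="$WAN_SIDE" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) wan[a[i]] = 1 }
        $3 == "inet" && ($2 in wan) { print $2, $4 }'
}

# stdin: `ip -4 route show`. Prints routes that do not use the LAN bridge,
# and default routes whose next hop is not the pfSense LAN address.
bypass_routes() {
    awk -v gw="$PF_LAN_IP" -v br="$LAN_BRIDGE" '
        NF == 0 { next }
        {
            dev = ""; via = ""
            for (i = 2; i < NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "via") via = $(i + 1)
            }
            if (dev != br || ($1 == "default" && via != gw)) print
        }'
}

# audit ADDR_TEXT ROUTE_TEXT: prints findings, returns 1 if there are any.
audit() {
    findings=$( {
        printf '%s\n' "$1" | addressed_wan_ifaces | sed 's/^/ADDR-ON-WAN-SIDE: /'
        printf '%s\n' "$2" | bypass_routes | sed 's/^/BYPASS-ROUTE: /'
    } )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the layout described in the question.
ADDR_BEFORE='2: wlp2s0    inet 192.168.0.106/24 brd 192.168.0.255 scope global dynamic wlp2s0
5: vmbr2    inet 192.168.1.254/24 scope global vmbr2
6: vmbr3    inet 192.168.1.254/24 scope global vmbr3'
ROUTE_BEFORE='default via 192.168.0.1 dev wlp2s0 proto dhcp metric 600
192.168.0.0/24 dev wlp2s0 proto kernel scope link src 192.168.0.106 metric 600
192.168.1.0/24 dev vmbr3 proto kernel scope link src 192.168.1.254'

# Constructed sample: vmbr3 is a DHCP client of pfSense, WAN side unaddressed.
ADDR_AFTER='6: vmbr3    inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic vmbr3'
ROUTE_AFTER='default via 192.168.1.1 dev vmbr3 proto dhcp metric 425
192.168.1.0/24 dev vmbr3 proto kernel scope link src 192.168.1.100 metric 425'

audit "$ADDR_BEFORE" "$ROUTE_BEFORE" || echo "before: bypass paths present"
audit "$ADDR_AFTER" "$ROUTE_AFTER" && echo "after: all traffic leaves via pfSense"
```

On a live host, feed the functions real output, for example `ip -4 route show | bypass_routes`.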