On Jun 10, 2014, at 5:37 PM, Stefan Baur <newsgroups.ma...@stefanbaur.de> wrote:
> Am 10.06.2014 22:52, schrieb Karsten Gorling: >> * Stefan Baur <newsgroups.ma...@stefanbaur.de> [140610 17:59]: >>> This works all fine and dandy as long as I'm not using virtio: >> >> I had the same Problem. Essentially the VirtIO Network Drivers of >> FreeBSD are broken, you have to use another virtual Network Card. >> https://groups.google.com/forum/#!msg/mailing.freebsd.bugs/gw42Il1AX0o/3zj-gnRKgHIJ > > Browsing through the pfSense forum and the FreeBSD Bugtracker, I found > that checking the "Disable hardware checksum offload" box on > /system_advanced_network.php *and manually rebooting after saving* > solved the problem for me. Haven't done any performance comparisons yet, > though. > > Maybe you want to try the same? Again, it seems to be important to > reboot pfSense manually after the change - there's no prompt telling you > you should (all it says is " The changes have been applied > successfully." - but they don't come to life until you reboot). I've had problems using pf under KVM with the virtio driver, as reported in this thread: http://lists.freebsd.org/pipermail/freebsd-stable/2013-August/074637.html In my case, it would provoke abrt crash reports on the KVM host. I subsequently discovered that this did not happen when using the e1000 driver in the FreeBSD guest, so it seems that pf in general is not a problem for FreeBSD guests under KVM, just the pf+virtio (vnetX) combination. IIRC, I didn't notice a severe performance degradation when switching temporarily to the e1000 driver. It isn't too big an issue for me right now because I do firewalling at the pfSense gateway and not on the guests. It would be nice for the pf + virtio combination to work harmoniously, though, so I'd have the option of firewalling on the guests, too, if needed at some point. Cheers, Paul. _______________________________________________ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
