Problem using pfSense VM inside a tenant


I have done an experiment to create an image of pfSense ( that is used like a router in my tenant.

I've installed the "virtio" driver on FreeBSD 8.3 for networking & disk support and the image works perfectly.

I have a "demo" tenant with this network topology:

  • WAN: - DHCP Enabled - Gateway
  • LAN: - DHCP Enabled - No Gateway
  • Router with interface and connected to ext_net

Inside this tenant there are two VMs:

  1. pfSense - An instance of pfSense that I use like a router with two network cards (WAN: & LAN:
  2. cirros - An instance of Cirros connected with one network card to LAN

In cirros I've changed the default route to point to address so pfSense can route packets to WAN for me.

But routing doesn't work.

After a bit of testing, I realized that it's a problem with a DROP iptables rule, generated by the agent on the hypervisor where the VM runs, to protect against spoofing attacks.

Is it possible to disable/remove this rule for a single port with the Neutron API?