按pfsense官方论坛的解释,FreeBSD会drop掉那些没有checksum的packet;而在linux里,kvm虚拟机的网卡如果型号是VirtIO,则通过网卡的数据是不会checksum的,这是VirtIO技术的一个特性(e1000或者rtl8139两个型号没有这个问题),VirtIO认为经过虚拟机网卡的数据并没有经过实体物理网线,只是在shared memory里传输,所以VirtIO网卡不会对经过的数据包进行checksum;而这些没有checksum的数据包,全被FreeBSD给drop掉了,这就导致你说的:TCP被丢包 — 主动丢包。
我的虚拟机B恰恰把网卡型号设置成了VirtIO,所以TCP包都被pfsense给drop掉了~
解决方案也很简单,关掉 tx checksum offloading就行,具体操作:用另一个虚拟机web登录pfsense,然后找到System>Advanced>Networking,向下找到Network Interfaces,确保下面三项disable框都是被勾选状态,再重启pfsense就可以:
– Hardware Checksum Offloading
– Hardware TCP Segmentation Offloading
– Hardware Large Receive Offloading
其实后面两项默认就是选中状态
Configuring pfSense Software to work with Proxmox VirtIO
After the pfSense installation and interfaces assignment is complete, connect to the assigned LAN port from another computer.
Warning
Because the hardware checksum offload is not yet disabled, accessing pfSense webGUI might be sluggish. This is NORMAL and is fixed in the following step.
To disable hardware checksum offload, navigate under System > Advanced and select Networking tab. Under Networking Interfaces section check the Disable hardware checksum offload and click save. Reboot will be required after this step.
Congratulations, the pfSense virtual machine installation and configuration on Proxmox is now complete.
https://pve.proxmox.com/wiki/PfSense_Guest_Notes
https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-proxmox.html