Cluster firewall enabled blocks SDN simple zone VNet DHCP

BobAtSmith

Mar 7, 2024
Just getting started and have a cluster with a simple SDN zone configured with a Vnet and subnet with SNAT and DHCP enabled.

With the cluster-level firewall disabled, Windows VMs in the VNet subnet get a DHCP lease, but with the cluster-level firewall enabled they do not.

I've been trying to find out what allow rule I need to add to the cluster firewall to enable DHCP without success.

Help!

Thanks
Bob
 
So the Simple Zone, VNet has the network 10.0.1.0/24 and a gateway of 10.0.1.1
Testing with a Win 2022 server VM.

With the Datacenter firewall off the VM gets a DHCP address from 10.0.1.1
With the datacenter firewall on it gets '...unable to contact your DHCP server'

I tried adding an allow all East-West rule for the 10.0.1.0 network - no go
Also tried UDP 67, 68 to-from the VNet and host management network - no go

Once the VM has an IP address with the Datacenter firewall off, the firewall can be re-enabled and the VM continues to work fine. If an ipconfig /release, ipconfig /renew is performed or a server restart happens, then it fails to reach the DHCP server again.

Appreciate the assistance.
Bob
 
Still wrestling with, and attempting an understanding of, how a VM in a simple Zone gets a DHCP address - because mine are not.

Simple Zone, VNet 10.0.1.0/24 and a gateway of 10.0.1.1, SNAT enabled, and a DHCP range of 10.0.1.11-10.0.1.100

IPAM shows the VM has been granted an IP of 10.0.1.11 but the VM (Windows 2022 server) says DHCP server unreachable.

Where exactly does the DHCP process run?


 
Hi Bob,
I am also wrestling with this. The dhcp configuration in the VNET becomes a dnsmasq configuration in your host.
Zone "Simple" with VNet "xx" and subnet 10.0.0.0/24 generates the following:

In /etc/dnsmasq.d/Simple/

10-xx.conf
00-default.conf

10-xx.conf is:
dhcp-range=set:Simple-10.0.0.0-24,10.0.0.0,static,255.255.255.0,infinite
interface=xx

So the VNET is like an interface.
You assign the VNET interface, "xx" in this case, to your VM.

This is all according to the docs: https://pve.proxmox.com/wiki/Setup_Simple_Zone_With_SNAT_and_DHCP

For me, I'm now seeing an issue where dnsmasq is seeing the DHCP request on interface "xx" but logging an error:
packet received on xx which has no address
because "xx" does not have an IP address host side.

There is nothing in the docs on this issue.
If you have insight, please let me know. --Dad
 
The issue is that if you use DHCP, you must also set a gateway.
That becomes the IP on the host that works with DHCP.
If you set a gateway, it will try and confirm the existence of the reverse (PTR) lookup in your DNS.
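
A host-side check for the condition described in the last two posts (a dnsmasq `interface=` whose VNet interface has no address on the host), added here as an example; it is not part of the thread and not Proxmox tooling. It assumes the `dhcp-range` field order shown in the conf above and takes `ip -o -4 addr show` output as text; the function names and the sample input are constructed.

```sh
#!/bin/sh
# Added diagnostic sketch; not Proxmox tooling.
# check_vnet_dhcp CONF ADDRS
#   CONF  : dnsmasq file, e.g. /etc/dnsmasq.d/<zone>/10-<vnet>.conf
#   ADDRS : text in `ip -o -4 addr show` format
# Exit 0 if every interface= in CONF has a host IPv4 address inside the
# dhcp-range network, 1 if one does not, 2 if CONF has no dhcp-range.

ip2int() (  # dotted quad -> integer (subshell keeps the IFS change local)
    IFS=.; set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

check_vnet_dhcp() (
    conf=$1; addrs=$2; rc=0
    # Assumed field order, as in the thread:
    # dhcp-range=set:<tag>,<network>,static,<netmask>,<lease>
    range=$(grep '^dhcp-range=' "$conf" | head -n 1)
    [ -n "$range" ] || { echo "no dhcp-range in $conf"; exit 2; }
    net=$(echo "$range" | cut -d, -f2)
    mask=$(echo "$range" | cut -d, -f4)
    m=$(ip2int "$mask")
    want=$(( $(ip2int "$net") & m ))
    for iface in $(sed -n 's/^interface=//p' "$conf"); do
        ok=no
        for ip in $(echo "$addrs" | awk -v i="$iface" \
                '$2 == i && $3 == "inet" { sub(/\/.*/, "", $4); print $4 }'); do
            if [ $(( $(ip2int "$ip") & m )) -eq "$want" ]; then ok=yes; fi
        done
        if [ "$ok" = yes ]; then
            echo "OK   $iface has a host address in $net/$mask"
        else
            echo "FAIL $iface has no host address in $net/$mask"
            rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample: the conf from the thread and an empty address list,
# i.e. the VNet interface exists on the host but carries no IPv4 address.
demo=$(mktemp)
printf '%s\n' \
    'dhcp-range=set:Simple-10.0.0.0-24,10.0.0.0,static,255.255.255.0,infinite' \
    'interface=xx' > "$demo"
check_vnet_dhcp "$demo" '' || true
# On a real host, pass the live listing instead of '':
#   check_vnet_dhcp /etc/dnsmasq.d/Simple/10-xx.conf "$(ip -o -4 addr show)"
rm -f "$demo"
```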
 
