Udo;
Thanks once more for your expertise and ideas.
1) I tried your "tcpdump" suggestion and can verify successful round-trip traffic from the Proxmox VE host to the gateway and back (some interline spacing added for clarity):
Code:
# tcpdump -i eth0 -n host 192.168.1.1
tcpdump: WARNING: eth0: no IPv4 address assigned
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:47:15.282657 IP 192.168.1.230 > 192.168.1.1: ICMP echo request, id 63497, seq 1, length 6
11:47:15.282972 IP 192.168.1.1 > 192.168.1.230: ICMP echo reply, id 63497, seq 1, length 64
11:47:16.281649 IP 192.168.1.230 > 192.168.1.1: ICMP echo request, id 63497, seq 2, length 64
11:47:16.281960 IP 192.168.1.1 > 192.168.1.230: ICMP echo reply, id 63497, seq 2, length 64
2) Your second contribution is a hypothesis that our gateway or other elements of our network may be causing the problem.
That is always a possibility. In the original troubleshooting, we discounted it somewhat since so many other operating systems and hosts, items of network software, network security applications, and so on work properly "out of the box" on the network in its current configuration. Nothing in the network infrastructure has changed for at least 8 months, so there is no recent "network changed" event that would give us a handle on where to start looking.
But before we proceed further, we should test the hypothesis of LAN error, whether in configuration or in operation. I may benefit from some help in setting out additional tests, but here's a start:
Problem
CentOS client VM under Proxmox Virtual Environment 1.7 cannot reach the Internet with network traffic (see previous postings in this thread for additional details).
Hypotheses and Tests
Note: our general hypothesis is that the local area network (LAN) is causing the problem, based on your previous post.
H1 - The LAN gateway is preventing any traffic from reaching the Internet.
Test A - Test using "ping" command from local hosts to Internet hosts
- ping from non-Proxmox host to an Internet host by IP address - SUCCESS
- ping from non-Proxmox host to an Internet host by domain name - SUCCESS
- ping from Proxmox host to an Internet host by IP address - SUCCESS
- ping from Proxmox host to an Internet host by domain name - SUCCESS
- ping from CentOS guest (under Proxmox host) to an Internet host by IP address - FAIL (see previous post for details)
- ping from CentOS guest (under Proxmox host) to an Internet host by domain name - FAIL (see previous post for details)
- H1 - not true (normally I would say "not supported", but this may be a little more clear): all hosts and devices except the CentOS guest are successfully pinging external Internet addresses
H2 - Our local changes to the CentOS VM network setup have made it unable to reach the Internet
Test A - Test by building a new Proxmox host and installing a fresh copy of the CentOS guest VM making NO changes to the default install. Then run the network tests that failed in H1 above.
- to be completed
H3 - The LAN configuration is incompatible with the networking created by a default Proxmox install of the CentOS KVM virtual guest.
Note: this is the hypothesis I believe you were suggesting in your most recent posting. It's a pretty large area to cover, but we can narrow it down knowing that almost everything works as expected, except for "ping" and other network requests from the CentOS guest OS.
H3.1 - The local sub-LAN or the LAN gateway does not support multiple IPs from one MAC address.
I would imagine that the Proxmox VE host always generates multiple IP addresses from a single hardware device. If that was the problem, there should be signs of it in all network traffic, whether external (Internet) or local.
Test A - Scan for network traffic from the CentOS VM - it should not be routed if it is incompatible with the LAN switches / hubs / gateway.
- passively scan at network switch for traffic involving CentOS guest (under Proxmox host) - SUCCEED
- ping from CentOS guest (under Proxmox host) to a local host by IP address - SUCCEED
H3.1 - not true: the CentOS guest is successfully pinging (local) LAN addresses
H3.2 - The local sub-LAN or the LAN gateway do not support Internet access for the 192.168.0.nnn address space.
This hypothesis appears because I notice that no internal traffic in our LAN uses the 192.168.0.nnn (255/255/255/0) space except the CentOS guest. (I am looking at our passive network security scanner alerts.) Why does the CentOS guest use that address space? I don't know - it was assigned automagically by Proxmox during installation of the CentOS virtual client.
Test A - Set the CentOS virtual client to use a subnetwork address space that is already working properly in this part of our LAN, then re-run the ping tests from above.
Test B - Set a known-good network host to operate using a 192.168.0.nnn address (different from the one assigned to the CentOS guest) and re-run the ping tests from above.
OK - that's as far as I have gotten today. I will work on H2 - Test A now: building a duplicate Proxmox server, then doing a duplicate CentOS guest installation. All steps will be recorded this time. If the resulting build has the same problem as the one we have been discussing, then I'd like to tackle H3.2 next.
I have a couple of
quick questions:
- What is the Proxmox-approved way to change the subnetwork space used by client VMs?
- If these tests don't identify the problem, can you suggest other hypotheses to test?