[SOLVED] Basic networking out of the box

[drjaymz@]

I have spent all morning trying to get a basic guest vm working but I am missing some fundamental understanding of the way the networking needs to be configured. I searched everywhere and none of the solutions work.
I have a residential broadband NAT network 192.168.0.0/24 and proxmix lives on 0.14.
I have installed a Win10 Guest and all I want it to do is to be able to get an address on that 0 subnet and access the internet. The gateway is 192.168.0.1 and DHCP is enabled on there.

I mistakenly thought that the virtual bridge which is supposed to be bridging would pass anything connected through it to the 0 subnet where it would pick up an IP address and it would just work. Thats because thats what VMWare, VirtualBox etc all do. Hyper-V is a little different in that you set up a virtual switch.

I have a bunch of Legacy KVM VM's I'd like to be able to manage much easier and this ticks most of the boxes.

[Edit: I am using Hyper-V with nested virtualisation so proxmox isn't at the baremetal]

 

[Hannes Laimer]

Hey,

the VM should get an IP. Did you install the proper VirtIO drivers in the VM[1]? Do other (not windows) VMs get an IP?

[1] https://pve.proxmox.com/wiki/Windows_10_guest_best_practices#Drivers_and_Services

 

[drjaymz@]

I followed the best practices and yes I have the drivers installed. I used the VirtIO network driver and the network device does show up. I tried other network devices but I think the problem is proxmox not the network drivers.

I manually set a fixed IP of 0.234 and gateway to 192.168.0.1 in guest but that doesn't work.

I have ubuntu guest and that doesn't work either. Same problem. i.e there is no networking working in the guest, we get the network interface but nothing else.

I thought it might be a simple question because proxmox is out of the box, and with windows all I did was install the drivers.

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.0.14/24
gateway 192.168.0.1
bridge-ports eth0
bridge-stp off
bridge-fd 0

 

[Hannes Laimer]

Can you ping your gateway from PVE?

 

[drjaymz@]

Yes,

root@proxmox:~# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=54.1 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=63.6 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=63.9 ms

 

[Hannes Laimer]

But pinging the gateway(or PVE) from the VMs does not work?

 

[drjaymz@]

correct

c:\users\proxmox>ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
Reply from 192.168.0.234: Destination host unreachable.

 

[drjaymz@]

And that VM is configured to use vmbr0.

I can see some bytes sent and received, but I have no idea what they are and no way to figure that out with no way to install anything useful on the vm.

I'm sure I have it configured correctly - it just doesn't work.

 

[Hannes Laimer]

Try to reboot your PVE. Could you post the VM config of your linux guest and the output of ip a and ip r (in the linux guest).

 

[Dunuin]

Did you also make sure that your guest got a gateway defined?

 

[drjaymz@]

I have rebooted proxmox a few times no change.
I have 192.168.0.1 defined as the gateway in the guests. I have one ubuntu and one windows 10 guest at the moment.

What I thought I'd try was to configure both guests with a static IP and see if they can ping each other.

After that I will report back.

 

[drjaymz@]

OK, so I set win10 and ubuntu to 192.168.0.243 and 192.168.0.242 and the CAN ping each other AND 192.168.0.14 which is proxmox itself
But they cannot see anything outside of the proxmox world at all.

So to summarise, I have a 192.168.0.0/24 network which has 192.168.0.1 gateway and another 70 machines on it. I have set up proxmox on 192.168.0.14 and can see that from my network (obviously using the web interface etc).

I have a virtual bridge vbr01 which is bound to the ethernet interface,
CIDR 192.168.0.14/24 and gateway 192.168.0.1
Firewall is not enabled at host or vm level.

 

[oguz]

what is your gateway?
is it possible that you have some kind of mac filtering there?

also like @Hannes Laimer asked could you post the VM config and the output of the commands in the above post?

(hint: use [code][/code] tags when posting command outputs )

and also post these command outputs from your PVE node:
* ip -details link
* ip address
* ip route

other than that, could you also try making a container?

and just in case post your pveversion -v output from the PVE host

 

[drjaymz@]

My Gateway is 192.168.0.1 and there is no mac filtering on it.

Linux proxmox 5.13.19-2-pve #1 SMP PVE 5.13.19-4 (Mon, 29 Nov 2021 12:10:09 +0100) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed Jan 19 16:08:12 GMT 2022 on pts/0
root@proxmox:~# pveversion -v
proxmox-ve: 7.1-1 (running kernel: 5.13.19-2-pve)
pve-manager: 7.1-7 (running version: 7.1-7/df5740ad)
pve-kernel-helper: 7.1-6
pve-kernel-5.13: 7.1-5
pve-kernel-5.13.19-2-pve: 5.13.19-4
ceph-fuse: 15.2.15-pve1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.0
libproxmox-backup-qemu0: 1.2.0-1
libpve-access-control: 7.1-5
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.0-14
libpve-guest-common-perl: 4.0-3
libpve-http-server-perl: 4.0-4
libpve-storage-perl: 7.0-15
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.11-1
lxcfs: 4.0.11-pve1
novnc-pve: 1.2.0-3
proxmox-backup-client: 2.1.2-1
proxmox-backup-file-restore: 2.1.2-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-4
pve-cluster: 7.1-2
pve-container: 4.1-2
pve-docs: 7.1-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.3-3
pve-ha-manager: 3.3-1
pve-i18n: 2.6-2
pve-qemu-kvm: 6.1.0-3
pve-xtermjs: 4.12.0-1
qemu-server: 7.1-4
smartmontools: 7.2-1
spiceterm: 3.2-2
swtpm: 0.7.0~rc1+2
vncterm: 1.7-1
zfsutils-linux: 2.1.1-pve3

root@proxmox:/etc/pve/qemu-server# cat 101.conf 
agent: 1
balloon: 2048
boot: order=ide2;net0;ide0
cores: 4
ide0: none,media=cdrom
ide1: local-lvm:vm-101-disk-0,size=32G
ide2: none,media=cdrom
memory: 8192
meta: creation-qemu=6.1.0,ctime=1642583890
name: proxmox-win10
net0: e1000=2A:4E:71:F0:2A:3E,bridge=vmbr0
numa: 0
ostype: l26
scsihw: virtio-scsi-pci
smbios1: uuid=807207b2-2321-4d2c-8df7-5bb49b5f15cf
sockets: 1
tablet: 0
unused0: network-proxmox:101/vm-101-disk-0.qcow2
vga: virtio
vmgenid: dd219292-e68d-48bd-b8d0-36b18d947ae6

I cant get to ip a / r except through novnc which won't allow cut and paste.

 

[drjaymz@]

PS - thanks for your help so far - this ticks all the boxes if I can get over this hurdle.

 

[oguz]

thanks, could you post the rest from the host?:

and also post these command outputs from your PVE node:
* ip -details link
* ip address
* ip route
other than that, could you also try making a container?

 

[drjaymz@]

root@proxmox:~# ip -details link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:38:01:0b brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 65521 
    bridge_slave state forwarding priority 32 cost 4 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.0:15:5d:38:1:b designated_root 8000.0:15:5d:38:1:b hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 64 numrxqueues 64 gso_max_size 62780 gso_max_segs 65535 
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 00:15:5d:38:01:0b brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535 
    bridge forward_delay 0 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q bridge_id 8000.0:15:5d:38:1:b designated_root 8000.0:15:5d:38:1:b root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer   26.92 vlan_default_pvid 1 vlan_stats_enabled 0 vlan_stats_per_port 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 16 mcast_hash_max 4096 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 62780 gso_max_segs 65535 
4: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 4e:bf:5f:2c:3d:f1 brd ff:ff:ff:ff:ff:ff promiscuity 2 minmtu 68 maxmtu 65521 
    tun type tap pi off vnet_hdr on persist off 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 8000.0:15:5d:38:1:b designated_root 8000.0:15:5d:38:1:b hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
5: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 82:f8:2c:e2:85:b2 brd ff:ff:ff:ff:ff:ff promiscuity 2 minmtu 68 maxmtu 65521 
    tun type tap pi off vnet_hdr on persist off 
    bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8003 port_no 0x3 designated_port 32771 designated_cost 0 designated_bridge 8000.0:15:5d:38:1:b designated_root 8000.0:15:5d:38:1:b hold_timer    0.00 message_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on mcast_to_unicast off neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
root@proxmox:~# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether 00:15:5d:38:01:0b brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:15:5d:38:01:0b brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.14/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:fe38:10b/64 scope link 
       valid_lft forever preferred_lft forever
4: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 4e:bf:5f:2c:3d:f1 brd ff:ff:ff:ff:ff:ff
5: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 82:f8:2c:e2:85:b2 brd ff:ff:ff:ff:ff:ff
root@proxmox:~# ip route
default via 192.168.0.1 dev vmbr0 proto kernel onlink 
192.168.0.0/24 dev vmbr0 proto kernel scope link src 192.168.0.14 
root@proxmox:~#

Error: try making a container not understood.

 

[oguz]

Error: try making a container not understood.

create a new container (CT) using the GUI, and see if it can take a DHCP lease and communicate with the network normally. standard ubuntu/debian container should be fine, this is just for testing.

 

[drjaymz@]

Ubuntu 20.04 LTS proxmox-container tty1

proxmox-container login: root
Password: 
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.13.19-2-pve x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@proxmox-container:~# ping 192.168.0.14
PING 192.168.0.14 (192.168.0.14) 56(84) bytes of data.
64 bytes from 192.168.0.14: icmp_seq=1 ttl=64 time=0.105 ms
64 bytes from 192.168.0.14: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from 192.168.0.14: icmp_seq=3 ttl=64 time=0.033 ms
^C
--- 192.168.0.14 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2027ms
rtt min/avg/max/mdev = 0.029/0.055/0.105/0.034 ms
root@proxmox-container:~# ping 192.168.0.1 
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
^C
--- 192.168.0.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5116ms

 

[oguz]

have you changed this interface name on the host to eth0 yourself? (normally you should get predictable network interfaces like enp5s0 instead of eth0)

in any case it would be also interesting to see a packet dump from the host at this point.

try the following on the host:

apt install tcpdump
tcpdump -envi eth0 icmp

and then try pinging stuff from inside the VMs while that's running. if the ICMP packets are leaving the PVE node, then the problem might be somewhere else...