[SOLVED] Proxmox 8.3.3 - guest windows server 2019 no internet

[roboto]

Hello.
Im using proxmox 8.3.3 and after many tries I registered here to ask if anyone has a solution.

Guest operating system windows 2019 has no internet connection. I tried many things, checked instructions for default bridge settings but that somehow completely breaks my network.

I am renting a dedicated server and my intention is to use windows as a remote desktop.

I use virtIO drivers, everything is installed but I'm getting a yellow triangle over the network icon.

I am not sure how to configure linux bridge (vmbr0) which I created manually.

Every single tutorial I found on youtube has their internet just work out of box after virtIO drivers install.

I'm spinning in circles for days re-installing server and breaking network settings.

 

[Moayad]

Please provide us with the network configuration from the Proxmox VE server `cat /etc/network/interface` and the Windows VM config `qm config <VMID>` as well as the screenshot of the network configuration inside the VM. This can help us identify where is the issue.

 

[roboto]

content of the /etc/network/interfaces

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet static
address xx.xxx.xxx.46/23
gateway xx.xxx.xxx.1
dns-nameservers 62.141.32.5 62.141.32.4 62.141.32.3
dns-search host
# dns-* options are implemented by the resolvconf package, if installed

auto vmbr0
iface vmbr0 inet manual
bridge-ports none
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094

Please note that I've hid the server IP and host name, i do not want someone tho google this and start pinging or brute force me.

qm config

bios: ovmf
boot: order=scsi0;ide0;ide2;net0
cores: 8
cpu: x86-64-v2-AES
efidisk0: local:101/vm-101-disk-0.qcow2,efitype=4m,pre-enrolled-keys=1,size=528K
ide0: local:iso/virtio-win-0.1.266.iso,media=cdrom,size=707456K
ide2: local:iso/en_windows_server_2019_vl_x64_by_AG_06.2023.iso,media=cdrom,size=5554208K
machine: pc-q35-9.0
memory: 18000
meta: creation-qemu=9.0.2,ctime=1738239105
name: w19
net0: virtio=BC:24:11:CA:136,bridge=vmbr0,tag=1
numa: 0
ostype: win10
scsi0: local:101/vm-101-disk-1.qcow2,iothread=1,size=1600G
scsihw: virtio-scsi-single
smbios1: uuid=9798ba4d-fd5b-4098-b434-954f67a56cbd
sockets: 1
vmgenid: 0eb95a48-90a5-49c9-acf4-4a73b76b1ec3

Virtual machine config in attachments

 

[Moayad]

Thank you!

To understand the situation (correct me if I not understand correct!). The issue is that your main NIC `enp2s0` has the server's IP, but `vmbr0` is set to `manual` with no `bridge-ports` defined. That means the VM's virtual NIC is essentially `bridged` to nothing... so it can't reach the outside network and ends up with that 169.x.x.x address. Typically, you'll want to move the IP address/gateway from the main NIC onto `vmbr0` then include it as the port for `vmbr0` e.g.:

auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address xx.xxx.xxx.46/23
    gateway xx.xxx.xxx.1
    bridge-ports enp2s0
    bridge-stp off
    bridge-fd 0

And then give the public IP to the Windows VM manually inside the VM.

 

[roboto]

Thanks!
This is the first time that I didn't completely break the network.

However I still can't make the internet work on the VM. Are you referring to a server's IP? Cause that's what I assigned in vm settings.

I'll just delete a vm and make new one, i messed too much with a settings. Will see how it goes.

Ok, still not working but this is the first time ever I was offered an option to allow VM to bee seen on the network and I selecte "yes"

 

[roboto]

Ok... I'm stuck.
This is current settings on the vm.

 

[roboto]

One more update, network says that it's connected now (with the settings above) but internet still does not work.

 

[_gabriel]

is public ip really end /23 ?
I bet on /32, which is 1 public ip, like rented dedicated online, which need SDN (or add iptables rules manually) for PVE act as router / Masquerading, for VM as only host can have the only 1 public ip.

 

[roboto]

It ends with /23. I only hid the IP. I am not sure where exactly is the problem with my settings. I did this without proxmox last year but I forgot everything.
I remember routing incoming traffic to a RDP port but I can't remember what I did to make internet work.
One more thing that I remember is that VM did not have a public IP, all traffic was routed to it's internal IP and everything worked. This time I wanted to try proxmox for the convenience of GUI.
Edit:
After the vm reboot I am back to "no internet", I didn't change any settings at all.

 

[_gabriel]

so you need to enable PVE act as router, like the docs https://pve.proxmox.com/wiki/Networ...sts having only,routed to the original sender.

or you can use GUI with new SDN, but afaik redirect port isn't yet integrated.

ofc, don't open 3389 publicly which is done when you add a PREROUTING iptables rules.
don't allow 8006 publicly too, only for whitelisted ip or setup vpn.

 

[roboto]

Thank you, I'll try that

 

[roboto]

Ok, I tried it. This completely breaks the network settings. I have to boot it in rescue mode and recover the network setup

 

[Moayad]

Could you share what you did in order to see where the issue was?

Is your goal to assign a public IP for the Windows VM or a private IP with NAT in order to reach the VM through Remote Desktop?

 

[roboto]

Could you share what you did in order to see where the issue was?

Is your goal to assign a public IP for the Windows VM or a private IP with NAT in order to reach the VM through Remote Desktop?

I followed instructions from this link:
https://pve.proxmox.com/wiki/Network_Configuration#:~:text=Masquerading allows guests having only,routed to the original sender

This configuration breaks the network settings completely. I can reach the server only in rescue mode.

Before that I followed your instructions for the bridge settings this was the config in the vm:

R

[SOLVED] Post in thread 'Proxmox 8.3.3 - guest windows server 2019 no internet'

Jan 30, 2025

Ok... I'm stuck.
This is current settings on the vm.

• roboto

I still did not have the internet access but I finally had an option to be visible on the network.

What I'm trying to do is to have an internet access via VM and to access it as RDP using the server's IP. VM does not need to have a public IP from what I remember, all traffic was routed to an internal VM IP.

As mentioned above, I already did this in ubuntu without gui but I did so many things afterwards that I can't remember what I did to make it work.



If there's solution for this I'd like to use proxmox cause having gui is more convenient.

 

[Moayad]

Hi,

What I'm trying to do is to have an internet access via VM and to access it as RDP using the server's IP. VM does not need to have a public IP from what I remember, all traffic was routed to an internal VM IP.

In this case you have to set up a router/NAT for your VM, which means the VM sits behind a private IP like `10.0.0.x` and then Proxmox `masquerades` the traffic out through your public IP as mentioned in the wiki guide.

This configuration breaks the network settings completely. I can reach the server only in rescue mode.

Could you please share the network configuration you used?

 

[roboto]

Hi,


In this case you have to set up a router/NAT for your VM, which means the VM sits behind a private IP like `10.0.0.x` and then Proxmox `masquerades` the traffic out through your public IP as mentioned in the wiki guide.

Can you share a guide how to do it including bridge configuration?
Networking is my weaker side. I did this a lot back in the days of win XP but that was 15 years ago.

Could you please share the network configuration you used?

Unfortunately I can't cause I re-installed the server completely with fresh proxmox install.
In short I followed all the instructions above.
Your instruction made server visible on the local network but internet still didn't work.
Following this:
https://pve.proxmox.com/wiki/Network_Configuration#:~:text=Masquerading allows guests having only,routed to the original sender
broke it completely.

Now i have fresh install and any help would be hugely appreciated.
Thanks

 

[Moayad]

Ok just update the network config in your Proxmox VE `/etc/network/interfaces` as the following, (You may have to edit the private IP in the `vmbr0` to 192.168.x.x instead). After you modified the configuration run the `ifreload -a` command to apply the config.

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet static
address xx.xxx.xxx.46/23
gateway xx.xxx.xxx.1
dns-nameservers 62.141.32.5 62.141.32.4 62.141.32.3
dns-search host
# dns-* options are implemented by the resolvconf package, if installed



auto vmbr0
iface vmbr0 inet static
        address 10.0.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3389 -j DNAT --to 10.0.0.5:3389

Note, you have to assign the IP `10.0.0.5` (or any subnet or IP you assign in the vmbr0 bridge) to the Windows VM manually. The last line `post-up iptables` in the above config is to forward the port RDP to the VM.

 

[_gabriel]

Remember as per Docs :
In some masquerade setups with firewall enabled, conntrack zones might be needed for outgoing connections. Otherwise the firewall could block outgoing connections since they will prefer the POSTROUTING of the VM bridge (and not MASQUERADE).
Adding these lines in the /etc/network/interfaces can fix this problem:

post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

 

[roboto]

Report.
This is my config

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet static
address xx.xx.xx.46/23
gateway xx.xx.xx..1
dns-nameservers 62.141.32.5 62.141.32.4 62.141.32.3
dns-search host
# dns-* options are implemented by the resolvconf package, if installed



auto vmbr0
iface vmbr0 inet static
        address 192.168.1.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.1.1/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.1.1/24' -o vmbr0 -j MASQUERADE
        post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 3389 -j DNAT --to 192.168.1.2:3389
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

I'm getting a dns error in the VM, also VM config is attached

 

[_gabriel]

subnet /24 = 255.255.255.0