Access Web Interface on other Interface than the one used in installation

M

Meddten

New Member
Dec 19, 2023
7
0
1
Hi,

I installend 8.1 using the IP 11.22.33.44.

Therfore I can access the Web Interface on 11.22.33.44:8006

I added a VLAN on vmbr1 with IP 10.100.2.2

I can ssh to the machine with 10.100.2.2:22

But i CANT access the web interface with 10.100.2.2:8006

Is there something to configure?

Code: 
auto lo
iface lo inet loopback

iface enp35s0 inet manual

auto enp35s0.4000
iface enp35s0.4000 inet manual
        mtu 1400
#vSwitch

auto vmbr0
iface vmbr0 inet static
       address 11.22.33.44/26
       gateway 1.2.3.4
       bridge-ports enp35s0
       bridge-stp off
       bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.100.2.2/24
        bridge-ports enp35s0.4000
        bridge-stp off
        bridge-fd 0
        up ip route add 10.100.0.0/16 via 10.100.2.1
        up ip route add 10.10.10.0/24 via 10.100.2.1
 
tempacc346235 said:
You are ssh'ing in and "accessing" 8006 from the same machine? What does "cannot access" mean? Timing out in web browser?
Click to expand...

Yes same machine. SSH works but Web Interface not. Timeout in browser.

I dont understand. Firewall is not an issue.
 
Do you work for DoD?
Code: 
IP address 11.22. 33.44 is operated by DoD Network Information Center
, if you dont - why did you pick a public IP for a private network?

I am assuming you are extremely well versed in networking, given the various subnets, MTUs, routes and vlans?
If you are not, I would start with something much simpler.

For now, try "curl -sk https://10.100.2.2:8006 |grep -i title", if that works - the problem is in the network setup.

PS you showed us the saved config, it could be very different from the running config, ie "ip a"

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
bbgeek17 said:
Do you work for DoD?
Code: 
IP address 11.22. 33.44 is operated by DoD Network Information Center
, if you dont - why did you pick a public IP for a private network?

I am assuming you are extremely well versed in networking, given the various subnets, MTUs, routes and vlans?
If you are not, I would start with something much simpler.

For now, try "curl -sk https://10.100.2.2:8006 |grep -i title", if that works - the problem is in the network setup.

PS you showed us the saved config, it could be very different from the running config, ie "ip a"

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
Click to expand...

Of course that IP is faked for posting. Its not the real one i use. But yes the real one is also a public.

Yeah curl works. Its a network problem then. Maybe it has to do with the mtu size on the vlan

ip a

Code: 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp35s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether a8:a1:59:0f:75:18 brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:a1:59:0f:75:18 brd ff:ff:ff:ff:ff:ff
    inet 11.22.33.44/26 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::aaa1:59ff:fe0f:7518/64 scope link
       valid_lft forever preferred_lft forever
4: enp35s0.4000@enp35s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether a8:a1:59:0f:75:18 brd ff:ff:ff:ff:ff:ff
5: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:a1:59:0f:75:18 brd ff:ff:ff:ff:ff:ff
    inet 10.100.2.2/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::aaa1:59ff:fe0f:7518/64 scope link
       valid_lft forever preferred_lft forever
 
Last edited:
Meddten said:
Yeah curl works. Its a network problem then. Maybe it has to do with the mtu size on the vlan
Click to expand...
Wait a minute ... what's in the PEM: openssl x509 -in -noout -text -in /etc/pve/local/pve-ssl.pem

EDIT: Field "X509 Subj Alt Name" to be precise.
 
Last edited:
tempacc346235 said:
Wait a minute ... what's in the PEM: openssl x509 -in -noout -text -in /etc/pve/local/pve-ssl.pem

EDIT: Field "X509 Subj Alt Name" to be precise.
Click to expand...


e.g this

Code: 
            X509v3 Subject Alternative Name:
                IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, DNS:localhost, IP Address:11.22.33.44, DNS:pve3,

Can this cause the timeout?
 
Meddten said:
e.g this

Code: 
            X509v3 Subject Alternative Name:
                IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1, DNS:localhost, IP Address:11.22.33.44, DNS:pve3,

Can this cause the timeout?
Click to expand...
Can you test to access via DNS lookup? Fake yourself (maybe you have split horizon DNS anyways?) pve3 to resolve to your private IP (non-working) and access via browser?
 
tempacc346235 said:
Can you test to access via DNS lookup? Fake yourself (maybe you have split horizon DNS anyways?) pve3 to resolve to your private IP (non-working) and access via browser?
Click to expand...
Does not work

/etc/hosts has also the public ip. changed it to nonworking an regenerated pvecm updatecerts --force

Still not working.

Maybe the public ip is in many other places which i dont know
 
Meddten said:
Does not work
Click to expand...

That was very quick. You sound like you know what you are doing, but just double checking you had the machine you are accessing the 8006 from via browser have it's dig pve3 tell you 10.100.2.2 ?

Meddten said:
/etc/hosts has also the public ip. changed it to nonworking an regenerated pvecm updatecerts --force
Click to expand...

Grr, this will cause some more issues with ssh later on with PVE.

Meddten said:
Still not working.

Maybe the public ip is in many other places which i dont know
Click to expand...

The thing is, it's definitely in /etc/corosync/corosync.conf, but that's not the issue - you want to have the cluster ring0 be on public IP? Or this is not a cluster?
 
tempacc346235 said:
That was very quick. You sound like you know what you are doing, but just double checking you had the machine you are accessing the 8006 from via browser have it's dig pve3 tell you 10.100.2.2 ?



Grr, this will cause some more issues with ssh later on with PVE.



The thing is, it's definitely in /etc/corosync/corosync.conf, but that's not the issue - you want to have the cluster ring0 be on public IP? Or this is not a cluster?
Click to expand...
Yeah dig pve3 retrieves 10.100.2.2

Its at the moment not in a cluster (therefore no corosync.conf) but i should be when this is working.

I have to go to an appointment now. I will checkin later.

Thank you!!
 
Before more random hit'n'miss, can you e.g. tunnel it ssh -L 8006:localhost:8006 root@10.100.2.2 then access localhost:8006 if that works?
 
Meddten said:
Code: 
auto lo
iface lo inet loopback

iface enp35s0 inet manual

auto enp35s0.4000
iface enp35s0.4000 inet manual
        mtu 1400
#vSwitch

auto vmbr0
iface vmbr0 inet static
       address 11.22.33.44/26
       gateway 1.2.3.4
       bridge-ports enp35s0
       bridge-stp off
       bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address 10.100.2.2/24
        bridge-ports enp35s0.4000
        bridge-stp off
        bridge-fd 0
        up ip route add 10.100.0.0/16 via 10.100.2.1
        up ip route add 10.10.10.0/24 via 10.100.2.1
Click to expand...

Would you also mind trying with post-up ip link set dev enp35s0.4000 mtu 1400 in the vmbr1 instead?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back