[SOLVED] Basic networking out of the box

Code: 
root@proxmox:~# tcpdump -envi eth0 icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
09:33:44.556904 00:15:5d:38:01:0b > b0:a7:b9:22:3a:94, ethertype IPv4 (0x0800), length 120: (tos 0xc0, ttl 64, id 4814, offset 0, flags [none], proto ICMP (1), length 106)
    192.168.0.14 > 192.168.0.251: ICMP 192.168.0.14 udp port 137 unreachable, length 86
        (tos 0x0, ttl 64, id 47033, offset 0, flags [DF], proto UDP (17), length 78)
    192.168.0.251.56278 > 192.168.0.14.137: UDP, length 50
09:33:44.568673 00:15:5d:38:01:0b > b0:a7:b9:22:3a:94, ethertype IPv4 (0x0800), length 120: (tos 0xc0, ttl 64, id 4816, offset 0, flags [none], proto ICMP (1), length 106)
    192.168.0.14 > 192.168.0.251: ICMP 192.168.0.14 udp port 137 unreachable, length 86
        (tos 0x0, ttl 64, id 47044, offset 0, flags [DF], proto UDP (17), length 78)
    192.168.0.251.60581 > 192.168.0.14.137: UDP, length 50
09:33:58.959657 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12026, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 1, length 64
09:33:59.980962 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12227, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 2, length 64
09:34:01.004926 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12267, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 3, length 64
09:34:02.029111 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12456, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 4, length 64
09:34:03.052894 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12465, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 5, length 64
09:34:04.076939 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12468, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 6, length 64
09:34:05.483105 00:15:5d:38:01:0b > b0:a7:b9:22:3a:94, ethertype IPv4 (0x0800), length 120: (tos 0xc0, ttl 64, id 7530, offset 0, flags [none], proto ICMP (1), length 106)
    192.168.0.14 > 192.168.0.251: ICMP 192.168.0.14 udp port 137 unreachable, length 86
        (tos 0x0, ttl 64, id 57424, offset 0, flags [DF], proto UDP (17), length 78)
    192.168.0.251.34033 > 192.168.0.14.137: UDP, length 50
09:34:05.493791 00:15:5d:38:01:0b > b0:a7:b9:22:3a:94, ethertype IPv4 (0x0800), length 120: (tos 0xc0, ttl 64, id 7531, offset 0, flags [none], proto ICMP (1), length 106)
    192.168.0.14 > 192.168.0.251: ICMP 192.168.0.14 udp port 137 unreachable, length 86
        (tos 0x0, ttl 64, id 57434, offset 0, flags [DF], proto UDP (17), length 78)
    192.168.0.251.37248 > 192.168.0.14.137: UDP, length 50
09:34:26.400395 00:15:5d:38:01:0b > b0:a7:b9:22:3a:94, ethertype IPv4 (0x0800), length 120: (tos 0xc0, ttl 64, id 12049, offset 0, flags [none], proto ICMP (1), length 106)
    192.168.0.14 > 192.168.0.251: ICMP 192.168.0.14 udp port 137 unreachable, length 86
        (tos 0x0, ttl 64, id 58708, offset 0, flags [DF], proto UDP (17), length 78)
    192.168.0.251.50067 > 192.168.0.14.137: UDP, length 50
09:34:26.411171 00:15:5d:38:01:0b > b0:a7:b9:22:3a:94, ethertype IPv4 (0x0800), length 120: (tos 0xc0, ttl 64, id 12052, offset 0, flags [none], proto ICMP (1), length 106)
    192.168.0.14 > 192.168.0.251: ICMP 192.168.0.14 udp port 137 unreachable, length 86
        (tos 0x0, ttl 64, id 58709, offset 0, flags [DF], proto UDP (17), length 78)
    192.168.0.251.36584 > 192.168.0.14.137: UDP, length 50
09:34:27.232990 00:15:5d:38:01:0b > a4:bb:6d:e4:e0:61, ethertype IPv4 (0x0800), length 120: (tos 0xc0, ttl 64, id 27248, offset 0, flags [none], proto ICMP (1), length 106)
    192.168.0.14 > 192.168.0.100: ICMP 192.168.0.14 udp port 137 unreachable, length 86
        (tos 0x0, ttl 128, id 42889, offset 0, flags [none], proto UDP (17), length 78)
    192.168.0.100.63204 > 192.168.0.14.137: UDP, length 50
09:34:27.233092 00:15:5d:38:01:0b > a4:bb:6d:e4:e0:61, ethertype IPv4 (0x0800), length 183: (tos 0xc0, ttl 64, id 27249, offset 0, flags [none], proto ICMP (1), length 169)
    192.168.0.14 > 192.168.0.100: ICMP 192.168.0.14 udp port 161 unreachable, length 149
        (tos 0x0, ttl 128, id 42890, offset 0, flags [none], proto UDP (17), length 141)
    192.168.0.100.63205 > 192.168.0.14.161:  { SNMPv1 { GetRequest(98) R=813225977  .1.3.6.1.2.1.1.1.0 .1.3.6.1.2.1.1.2.0 .1.3.6.1.2.1.1.4.0 .1.3.6.1.2.1.1.5.0 .1.3.6.1.2.1.1.6.0 .1.3.6.1.2.1.1.7.0 } }

I pinged 192.168.0.14 from the container, then 192.168.0.1 from the container.

Code: 
root@proxmox-container:~# ping 192.168.0.14
PING 192.168.0.14 (192.168.0.14) 56(84) bytes of data.
64 bytes from 192.168.0.14: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 192.168.0.14: icmp_seq=2 ttl=64 time=0.030 ms
64 bytes from 192.168.0.14: icmp_seq=3 ttl=64 time=0.028 ms
64 bytes from 192.168.0.14: icmp_seq=4 ttl=64 time=0.025 ms
64 bytes from 192.168.0.14: icmp_seq=5 ttl=64 time=0.030 ms
^C
--- 192.168.0.14 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4078ms
rtt min/avg/max/mdev = 0.021/0.026/0.030/0.003 ms
root@proxmox-container:~# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
^C
--- 192.168.0.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5117ms

root@proxmox-container:~#

Finally, just to check we haven't lost our marbles a sanity check to check that proxmox itself is still able to see the gateway:

Code: 
root@proxmox:~# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=1.13 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.625 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=0.821 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=0.746 ms
^C
--- 192.168.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3029ms
rtt min/avg/max/mdev = 0.625/0.830/1.129/0.186 ms

Also trying something else on the network:

Code: 
root@proxmox:~# ping 192.168.0.99
PING 192.168.0.99 (192.168.0.99) 56(84) bytes of data.
64 bytes from 192.168.0.99: icmp_seq=1 ttl=64 time=0.338 ms
64 bytes from 192.168.0.99: icmp_seq=2 ttl=64 time=0.380 ms
64 bytes from 192.168.0.99: icmp_seq=3 ttl=64 time=0.344 ms
64 bytes from 192.168.0.99: icmp_seq=4 ttl=64 time=0.381 ms
^C
--- 192.168.0.99 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3079ms
rtt min/avg/max/mdev = 0.338/0.360/0.381/0.019 ms
 
Last edited:
i mean:

Code: 
09:33:58.959657 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12026, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 1, length 64
09:33:59.980962 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12227, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 2, length 64
09:34:01.004926 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12267, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 3, length 64
09:34:02.029111 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12456, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 4, length 64
09:34:03.052894 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12465, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 5, length 64
09:34:04.076939 ce:ec:23:71:85:72 > c0:3e:0f:30:53:8c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 12468, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.0.231 > 192.168.0.1: ICMP echo request, id 444, seq 6, length 64
09:34:05.483105 00:15:5d:38:01:0b > b0:a7:b9:22:3a:94, ethertype IPv4 (0x0800), length 120: (tos 0xc0, ttl 64, id 7530, offset 0, flags [none], proto ICMP (1), length 106)
    192.168.0.14 > 192.168.0.251: ICMP 192.168.0.14 udp port 137 unreachable, length 86

the packets are leaving the host...

i'm honestly out of ideas, you could check if c0:3e:0f:30:53:8c really is the MAC address of your router. but other than that, it seems like the problem might be in your network and not on the PVE end...
 
oguz said:
really looks like there's some filtering going on in your network, maybe switch or gateway?...

you could test making a new bridge on your host, with a different subnet, and set up masquerading [0].
if it works with the masquerade NAT setup, then there's filtering on your network.

[0]: https://pve.proxmox.com/wiki/Networ...ith_tt_span_class_monospaced_iptables_span_tt
Click to expand...

I have just tried a complete new installation using Hyper-V nested virtualisation on to which I have ubuntu with KVM running a windows 10 guest. That seems to have no problems and works out of the box. I then tried exactly the same with a fresh proxmox nested on Hyper-V - and it doesn't work.

I created a second subnet yesterday using that page and it didn't work. Although today l notice that the interface name is different, so I will give that another try.
There is no filtering, its an ISP switch with DHCP with one or two reserved addresses and I can't ping other devices in the same dumb switch even with static IP's.
 
drjaymz@ said:
. I then tried exactly the same with a fresh proxmox nested on Hyper-V - and it doesn't work.
Click to expand...
well... that would explain a lot ;)

(you should have mentioned that in the very beginning, FWIW)

you'll need to enable "promiscuous mode" (or whatever that might be called in hyper-v) for your networking to work in a nested setup with bridging...

if you try the PVE on real hardware the default bridged networking setup should work as expected.

but generally we don't recommend nested setups.
 
Last edited:
oguz said:
well... that would explain a lot ;)

(you should have mentioned that in the very beginning, FWIW)

you'll need to enable "promiscuous mode" (or whatever that might be called in hyper-v) for your networking to work in a nested setup with bridging...

if you try the PVE on real hardware the default bridged networking setup should work as expected.

but generally we don't recommend nested setups.
Click to expand...

Thanks, sorry if I didn't make that clear at the start but note it didn't dent my enthusiasm. Standard practice to try these things in lab environment first and my personal machine is much more capable than our actual servers.

So for anyone following along I think you need these two:

Mac spoofing and Port Mirroring.

1642677444113.png

And then in the guest, you can set DHCP and it all bursts into life.


1642677577961.png

So going back to my OP, I said I was missing something fundamental and this was it.

It doesn't explain why my ubuntu KVM works correctly, and if it hadn't I wouldn't have been so confused. But thats not a proxmox concern.
 
  • Like
Reactions: craigc
drjaymz@ said:
And then in the guest, you can set DHCP and it all bursts into life.
Click to expand...
great. please mark the thread [SOLVED] for others :) (might also make sense to edit the first post so they don't need to read the whole thread to figure out it was hyper-v related ;) )

drjaymz@ said:
It doesn't explain why my ubuntu KVM works correctly, and if it hadn't I wouldn't have been so confused. But thats not a proxmox concern.
Click to expand...

probably because there wasn't an extra bridge there ^^
 
You must log in or register to reply here.
Top Bottom