Actual problem:
No traffic on my bridge network to virtualized firewall.
Network setup related to firewall, see also interfaces config file:
virtio net0 <-> vmbr1 <-> eth1 <--> WAN
virtio net1 <-> vmbr0 <-> eth0 <--> LAN, Wifi, Clients and VMs all on the same network, no DMZ
What happened before:
This server with zfs root was running out of disk space. This affected the kvm VMs to struggle, especially the virtualized pfsense firewall was not operating properly anymore.
I freed up some space and was able to restart this VM and networking was working as expected again.
For some reason I decided to reboot the whole machine, before that I ran an update on the proxmox host:
apt-get update && apt-get dist-upgrade
From the log file
Start-Date: 2017-12-06 22:31:10
Commandline: apt-get dist-upgrade
Install: pve-kernel-4.13.8-3-pve:amd64 (4.13.8-30, automatic)
Upgrade: libpve-storage-perl:amd64 (5.0-16, 5.0-17), pve-qemu-kvm:amd64 (2.9.1-2, 2.9.1-3), pve-ha-manager:amd64 (2.0-3, 2.0-4), pve-firewall:amd64 (3.0-3, 3.0-4), pve-cluster:amd64 (5.0-15, 5.0-17), vncterm:amd64 (1.5-2, 1.5-3), spiceterm:amd64 (3.0-4, 3.0-5), pve-manager:amd64 (5.1-36, 5.1-38), libpve-common-perl:amd64 (5.0-20, 5.0-22), lxc-pve:amd64 (2.1.0-2, 2.1.1-2), libpve-http-server-perl:amd64 (2.0-6, 2.0-7), proxmox-ve:amd64 (5.1-28, 5.1-30), lxcfs:amd64 (2.0.7-pve4, 2.0.8-1)
End-Date: 2017-12-06 22:32:36
Since then I can't get any traffic (not even ping) from the clients to the firewall or vice-versa. Also the firewall is unable to get an IP from the WAN over vmbr1. I can not login from a client on the LAN network to the pfsense host, however it works from within proxmox over ssh:
client <-> proxmox host <-> pfsense
I can also use w3m to connect to the web interface of pfsense, so the wm seems to work fine.
I checked the hardware tabs of the pfsense VM and they show the correct network interfaces, so nothing has changed there.
Any ideas? How could the reboot have messed up things? I don't think that it's related to the updated packages above, as those are all minor updates.
I'll try the following:
- Communication between LXC containers that are also using vmbr0
- Setup a new kvm machine on vmbr0 and vmbr1 and check whether that works
Thanks in advance for your help!
No traffic on my bridge network to virtualized firewall.
Network setup related to firewall, see also interfaces config file:
virtio net0 <-> vmbr1 <-> eth1 <--> WAN
virtio net1 <-> vmbr0 <-> eth0 <--> LAN, Wifi, Clients and VMs all on the same network, no DMZ
What happened before:
This server with zfs root was running out of disk space. This affected the kvm VMs to struggle, especially the virtualized pfsense firewall was not operating properly anymore.
I freed up some space and was able to restart this VM and networking was working as expected again.
For some reason I decided to reboot the whole machine, before that I ran an update on the proxmox host:
apt-get update && apt-get dist-upgrade
From the log file
Start-Date: 2017-12-06 22:31:10
Commandline: apt-get dist-upgrade
Install: pve-kernel-4.13.8-3-pve:amd64 (4.13.8-30, automatic)
Upgrade: libpve-storage-perl:amd64 (5.0-16, 5.0-17), pve-qemu-kvm:amd64 (2.9.1-2, 2.9.1-3), pve-ha-manager:amd64 (2.0-3, 2.0-4), pve-firewall:amd64 (3.0-3, 3.0-4), pve-cluster:amd64 (5.0-15, 5.0-17), vncterm:amd64 (1.5-2, 1.5-3), spiceterm:amd64 (3.0-4, 3.0-5), pve-manager:amd64 (5.1-36, 5.1-38), libpve-common-perl:amd64 (5.0-20, 5.0-22), lxc-pve:amd64 (2.1.0-2, 2.1.1-2), libpve-http-server-perl:amd64 (2.0-6, 2.0-7), proxmox-ve:amd64 (5.1-28, 5.1-30), lxcfs:amd64 (2.0.7-pve4, 2.0.8-1)
End-Date: 2017-12-06 22:32:36
Since then I can't get any traffic (not even ping) from the clients to the firewall or vice-versa. Also the firewall is unable to get an IP from the WAN over vmbr1. I can not login from a client on the LAN network to the pfsense host, however it works from within proxmox over ssh:
client <-> proxmox host <-> pfsense
I can also use w3m to connect to the web interface of pfsense, so the wm seems to work fine.
I checked the hardware tabs of the pfsense VM and they show the correct network interfaces, so nothing has changed there.
Any ideas? How could the reboot have messed up things? I don't think that it's related to the updated packages above, as those are all minor updates.
I'll try the following:
- Communication between LXC containers that are also using vmbr0
- Setup a new kvm machine on vmbr0 and vmbr1 and check whether that works
Thanks in advance for your help!
