1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Bridging broken after reboot, virt. firewall

Discussion in 'Proxmox VE: Networking and Firewall' started by Phlogi, Dec 7, 2017.

  1. Phlogi

    Phlogi New Member

    Joined:
    Jul 21, 2015
    Messages:
    29
    Likes Received:
    1
    Actual problem:
    No traffic on my bridge network to virtualized firewall.

    Network setup related to firewall, see also interfaces config file:

    virtio net0 <-> vmbr1 <-> eth1 <--> WAN
    virtio net1 <-> vmbr0 <-> eth0 <--> LAN, Wifi, Clients and VMs all on the same network, no DMZ


    What happened before:
    This server with zfs root was running out of disk space. This affected the kvm VMs to struggle, especially the virtualized pfsense firewall was not operating properly anymore.

    I freed up some space and was able to restart this VM and networking was working as expected again.

    For some reason I decided to reboot the whole machine, before that I ran an update on the proxmox host:
    apt-get update && apt-get dist-upgrade
    From the log file
    Start-Date: 2017-12-06 22:31:10
    Commandline: apt-get dist-upgrade
    Install: pve-kernel-4.13.8-3-pve:amd64 (4.13.8-30, automatic)
    Upgrade: libpve-storage-perl:amd64 (5.0-16, 5.0-17), pve-qemu-kvm:amd64 (2.9.1-2, 2.9.1-3), pve-ha-manager:amd64 (2.0-3, 2.0-4), pve-firewall:amd64 (3.0-3, 3.0-4), pve-cluster:amd64 (5.0-15, 5.0-17), vncterm:amd64 (1.5-2, 1.5-3), spiceterm:amd64 (3.0-4, 3.0-5), pve-manager:amd64 (5.1-36, 5.1-38), libpve-common-perl:amd64 (5.0-20, 5.0-22), lxc-pve:amd64 (2.1.0-2, 2.1.1-2), libpve-http-server-perl:amd64 (2.0-6, 2.0-7), proxmox-ve:amd64 (5.1-28, 5.1-30), lxcfs:amd64 (2.0.7-pve4, 2.0.8-1)
    End-Date: 2017-12-06 22:32:36

    Since then I can't get any traffic (not even ping) from the clients to the firewall or vice-versa. Also the firewall is unable to get an IP from the WAN over vmbr1. I can not login from a client on the LAN network to the pfsense host, however it works from within proxmox over ssh:
    client <-> proxmox host <-> pfsense
    I can also use w3m to connect to the web interface of pfsense, so the wm seems to work fine.

    I checked the hardware tabs of the pfsense VM and they show the correct network interfaces, so nothing has changed there.

    Any ideas? How could the reboot have messed up things? I don't think that it's related to the updated packages above, as those are all minor updates.

    I'll try the following:
    - Communication between LXC containers that are also using vmbr0
    - Setup a new kvm machine on vmbr0 and vmbr1 and check whether that works

    Thanks in advance for your help!
     

    Attached Files:

  2. Alwin

    Alwin Proxmox Staff Member
    Staff Member

    Joined:
    Aug 1, 2017
    Messages:
    577
    Likes Received:
    36
    One thing to check, if the device naming of the nics has changed. Shouldn't but you never know. ;)
     
  3. Phlogi

    Phlogi New Member

    Joined:
    Jul 21, 2015
    Messages:
    29
    Likes Received:
    1
    Thats a very good point, I already checked that in the morning. Unplugged the cable and dmesg showed the interface going down.

    Also the connection from my client through eth0 to the proxmox host works, so they can't have changed. Or do you mean the bridge names or even something different?
     
  4. Alwin

    Alwin Proxmox Staff Member
    Staff Member

    Joined:
    Aug 1, 2017
    Messages:
    577
    Likes Received:
    36
    If you can access the server from the LAN, then you are sitting on vmbr0 and the bridge is connected to eth0. Do you have the PVE firewall activated?
     
  5. Phlogi

    Phlogi New Member

    Joined:
    Jul 21, 2015
    Messages:
    29
    Likes Received:
    1
    To be specific:
    I'm accessing proxmox by static ip network (coming over wifi->ethernet->eth0, no bridge), so only using eth0, opening an ssh session. From that session on the proxmox host I can access pfsense - i guess using the bridge? So yes the bridge seems to partially work but only from within proxmox host, right?

    I did check that too, the PVE firewall was enabled on the main pve settings, I disabled that and rebooted. On the virtual interfaces of the pfsense VM, the firewall flag was never set. Would the firewall interfere actually in the default settings? I never configured the proxmox firewall so far.

    Thanks again!
     
  6. Phlogi

    Phlogi New Member

    Joined:
    Jul 21, 2015
    Messages:
    29
    Likes Received:
    1
    Sometimes solutions are very easy:
    systemctl disable docker && reboot

    I activated docker some time ago and just forgot about it. Also didn't know that it messes that much with my network settings.
     

Share This Page