Cannot Update Proxmox but VMs have Internet Access

F

Frenzy0897

New Member
Oct 16, 2024
5
0
1
TL;DR

I cannot update a fresh Proxmox VE install (no Internet access). However, pfSense and all other VMs have Internet access.

Proxmox 8.2.2 cannot update: `Temporary failure resolving download.proxmox.com` and other domain errors (see errors below).

After I ssh into Proxmox VE (ssh root@192.168.100.2):

* I can successfully ping 192.168.100.1 (Internet router).
* ping google.com results in Temporary failure in name resolution.
* ping 8.8.8.8 results in 100% packet loss.

Code: 
ip route
default via 192.168.100.1 dev vmbr0 proto kernel onlink
10.10.1.0/24 dev vmbr1 proto kernel scope link src 10.10.1.0
192.168.100.0/24 dev vmbr0 proto kernel scope link src 192.168.100.2


Code: 
cat /etc/resolv.conf

search local
nameserver 8.8.8.8

I tried changing the nameserver to 192.168.100.1 (my Internet router) and ran systemctl restart networking, still no Internet access.

Code: 
cat /etc/hosts

127.0.0.1 localhost.localdomain localhost
192.168.100.2 lab.local lab

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

My Linux bridge 'vmbr0' has a port/slave enp0s31f6, CIDR 192.168.100.2/24 and a Gateway 192.168.100.1

My Linux bridge 'vmbr1' has CIDR 10.10.1.0/24

pfSense WAN interface IP is 192.168.100.205 and Gateway 192.168.100.1
LAN and VLANs interfaces have IPs 10.x.x.x all have internet access

Results from trying to update Proxmox:
Code: 
starting apt-get update
Ign:1 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:2 http://security.debian.org bookworm-security InRelease
Ign:3 http://ftp.debian.org/debian bookworm InRelease
Ign:4 http://ftp.debian.org/debian bookworm-updates InRelease
Ign:1 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:2 http://security.debian.org bookworm-security InRelease
Ign:3 http://ftp.debian.org/debian bookworm InRelease
Ign:2 http://security.debian.org bookworm-security InRelease
Ign:1 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:4 http://ftp.debian.org/debian bookworm-updates InRelease
Err:2 http://security.debian.org bookworm-security InRelease
  Temporary failure resolving 'security.debian.org'
Err:1 http://download.proxmox.com/debian/pve bookworm InRelease
  Temporary failure resolving 'download.proxmox.com'
Ign:3 http://ftp.debian.org/debian bookworm InRelease
Ign:4 http://ftp.debian.org/debian bookworm-updates InRelease
Err:3 http://ftp.debian.org/debian bookworm InRelease
  Temporary failure resolving 'ftp.debian.org'
Err:4 http://ftp.debian.org/debian bookworm-updates InRelease
  Temporary failure resolving 'ftp.debian.org'
Reading package lists...
W: Failed to fetch http://ftp.debian.org/debian/dists/bookworm/InRelease  Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://ftp.debian.org/debian/dists/bookworm-updates/InRelease  Temporary failure resolving 'ftp.debian.org'
W: Failed to fetch http://security.debian.org/dists/bookworm-security/InRelease  Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://download.proxmox.com/debian/pve/dists/bookworm/InRelease  Temporary failure resolving 'download.proxmox.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
TASK OK
 
Last edited:
fireon said:
Please post also your proxmox network configuration:
Code: 
cat /etc/network/interfaces
Click to expand...
Thanks for replying:

Code: 
Linux lab 6.8.4-2-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.4-2 (2024-04-10T17:36Z) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Oct 15 22:16:59 2024 from 192.168.100.197
root@lab:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.100.2/24
    gateway 192.168.100.1
    bridge-ports enp0s31f6
    bridge-stp off
    bridge-fd 0

iface wlp4s0 inet manual

auto vmbr1
iface vmbr1 inet static
    address 10.10.1.0/24
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    bridge-vlan-aware yes
    bridge-vids 2-4094
#LAB LAN

source /etc/network/interfaces.d/*
 
Last edited:
Basically it looks good. But since the pfSense firewall is also virtualized, I think the problem probably lies somewhere.
Because all the traffic goes over the same network and brige, also on the WAN side.

pfSense WAN interface IP is 192.168.100.205 and Gateway 192.168.100.1
Click to expand...
Who is this gateway?

I have always separated the WAN from the LAN. Or are you running a double NAT?
 
  • Like
Reactions: Frenzy0897
Have you activated the firewall on the Node + Datacenter? What happens if you try to do a traceroute to 8.8.8.8? Could there be a Firewall rule on your gateway which could prevent the Proxmox VE host from reaching the WAN?
 
  • Like
Reactions: Frenzy0897
fireon said:
Basically it looks good. But since the pfSense firewall is also virtualized, I think the problem probably lies somewhere.
Because all the traffic goes over the same network and brige, also on the WAN side.


Who is this gateway?

I have always separated the WAN from the LAN. Or are you running a double NAT?
Click to expand...
pfsense.png
I'm using an old Lenovo P50 laptop as my Proxmox home lab. The laptop has only one Ethernet port, and it's connected to my ISP's router at 192.168.100.1. My ISP's LAN is 192.168.100.0/24 and I connect to Proxmox from another laptop on this LAN. I installed pfSense as a Proxmox vm using IP 10.10.1.254 and created three VLANs. If i recall correctly, either my ISP's router provided pfSense's WAN IP of 192.168.100.205, or I set it manually, i can't quite remember because I initially had some difficulty getting pfSense to complete the installation because it could not reach the netgate servers. I hope this answers your question.
pfsense2.png
 
Last edited:
KevinS said:
Have you activated the firewall on the Node + Datacenter? What happens if you try to do a traceroute to 8.8.8.8? Could there be a Firewall rule on your gateway which could prevent the Proxmox VE host from reaching the WAN?
Click to expand...
Thanks for replying. I'm learning from your questions.

Have you activated the firewall on the Node + Datacenter?

Here is a screen shot of the node and below is a screenshot of the Datacenter
fw-node.png

Datacenter

fw-datacenter.png

What happens if you try to do a traceroute to 8.8.8.8?
traceroute.png

Could there be a Firewall rule on your gateway which could prevent the Proxmox VE host from reaching the WAN?

My ISP router? I did not set any rule. The only rules I set were for the VLANs in pfsense. I also did not change the pfsense WAN rules
fw-wan.png
 
FYI, Node Firewall is only active if datacenter one is active as well.

What is confusing, though:

Frenzy0897 said:
What happens if you try to do a traceroute to 8.8.8.8?
View attachment 76427
Click to expand...
This does not look like you can ping your gateway, please check again. Otherwise do an
Code: 
ip r
again to check your route
 
  • Like
Reactions: Frenzy0897
KevinS said:
FYI, Node Firewall is only active if datacenter one is active as well.

What is confusing, though:


This does not look like you can ping your gateway, please check again. Otherwise do an
Code: 
ip r
again to check your route
Click to expand...
After I ssh into proxmox (root@192.168.100.2):

* I can successfully ping my ISP router at 192.168.100.1
* I can successfully ping pfSense at 10.10.1.254
* ping 8.8.8.8 results in 100% packet loss

I then enabled the Datacenter firewall and ran `systemctl restart networking.service`:

fw-datacenter-2.png

After enabling Datacenter firewall, I can still ping the ISP router and pfSense, still cannot ping 8.8.8.8, my VMs still have Internet access, and I still cannot update Proxmox

After running `ip r`:
Code: 
default via 192.168.100.1 dev vmbr0 proto kernel onlink
10.10.1.0/24 dev vmbr1 proto kernel scope link src 10.10.1.0
192.168.100.0/24 dev vmbr0 proto kernel scope link src 192.168.100.2
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back