[SOLVED] Can't access CT/VM via SSH with some routers (but ping works and they have internet access)

T

the_blacksmith1

New Member
Feb 16, 2021
11
0
1
37
EDIT : SOLUTION here => https://forum.proxmox.com/threads/c...d-they-have-internet-access.84334/post-371109

--

Hello,

I'm facing an issue and I have no idea how to fix it. I'm assuming it's coming from Proxmox, but I'm not even sure.

I have a fritzbox 7590 as a router, I have my computer, and I have my server with proxmox on it (9 CT and 2 VM).
Everything is working like a charm, very basic setup, nothing special.

I'm currently trying to change my router for something else. And when I do so, I can't connect via SSH to my CT / VM.
I can ping all my CT / VM, they have internet access, but any SSH connection times out.
!! But I can connect to the host !! SSH is working there. And I can login to my CT / VM through the hosts (pct enter) or through the console. And they all have internet access.

I tried PFsense, OPNsense, Cisco router, Mikrotik Router, Ubiquity Router.
They all have the same issue.

Funny enough, Peplink router doesn't have that issue...
And funny enough, the CT where I have Pihole installed doesn't have that issue (except on OPNsense, where SSH doesn't work even for that CT :D).

I tried to disabled the proxmox firewall (see attachment), but it didn't change anything.

Of course, as soon as I swap back the router to my Fritzbox, ssh is working instantly.

Do you guys have any idea where that behavior is coming from ?
Let me know if you need more informations (I'm kind of a noob ^^').

Thank you for the reading.
 

Attachments

  • dc.png
    dc.png
    7.4 KB · Views: 12
Last edited:
Ho my bad, completely forgot the most important information ^^'

Everything is on my LAN (my PC and my proxmox server). So from LAN to LAN.
I'm trying to connect to my CT's directly via their LAN address (192.168.X.X), nothing else.

Of course, my first idea was to blame the firewall as well, but since it's just my LAN, by default, there is no rule that should mess with the SSH connection from my understanding.
 
so you've got a switch that connects your personnal computer, your proxmox server and your router
all are connected on the same network (192.168.X.0/24) and the gateway is your internet router (probably 192.168.X.1 or 192.168.X.254)
when the router is fritzbox, all works
when other router, SSH from your personnal computer to CTs on proxmox do not work any more
that's it ?
 
VM or CT, SSH don't work when I'm using an other router than my Fritzbox.

I just tried SSH with my synology. I switch to my router (OPNsense), enabled SSH on my syno, and it's working fine, I can login to my synology via SSH, when using OPNsense (same port, obviously).

So the issue is definitely on proxmox side.

Is it possible that my network config is missing something on my proxmos host ?


Code: 
source /etc/network/interfaces.d/*

auto lo eno1
iface lo inet loopback

allow-hotplug eno1

iface eno1 inet manual
# This is an autoconfigured IPv6 interface

iface eno1 inet6 auto

auto vmbr0
iface vmbr0 inet static
    address  192.168.1.110
    netmask  255.255.255.0
    gateway  192.168.1.1
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0
 
It didn't help.

I've attached some screenshots so you can check that I'm not mad or something ^^'

One when it fails (tried to login to a CT : 192.168.1.116)
One when it's working (tried to login to my syno : 192.168.1.100)

I've already mentionned it : I can login to the host, ssh is working there.
 

Attachments

  • woot.png
    woot.png
    276.2 KB · Views: 7
  • syno.png
    syno.png
    269.4 KB · Views: 7
could you show us your proxmox firewall rules for all levels? (datacenter, node, VM/CT)
 
the_blacksmith1 said:
I rebooted the host before retrying, yes.


How am I suppose to connect to my CT's from my PC if there is no router involved ? I don't have any managed switch.
Click to expand...
all your computers are on the same network, there is no need of a router
a basic switch is enough
a router makes communications possible between 2 different networks
there is only one on yours, no need for a router
 
See attachments about the firewall.
All the firewalls are disabled (it was the first thing I tried a couple of weeks ago). I don't have any fw rule (they are all empty)


Pierre-Yves said:
all your computers are on the same network, there is no need of a router
a basic switch is enough
a router makes communications possible between 2 different networks
there is only one on yours, no need for a router
Click to expand...
I had no idea it could work like that !!
I can't disconnect my router right now, tomorrow I'll try for sure and let you know what's up.
 

Attachments

  • datacenter.png
    datacenter.png
    14.8 KB · Views: 11
  • node.png
    node.png
    22.9 KB · Views: 11
  • CT.png
    CT.png
    20.4 KB · Views: 11
Last edited:
Pierre-Yves said:
and if there is no router connected, does it work ?
Click to expand...
I was able to try without any router. The CT's doesn't even ping.

See attachment for the full results and the three situations :

1) With my initial setup (fritzbox router) where everything is working
2) without any router where the CT's don't ping (and ofc, ssh doesn't work)
3) with OPNsense (it was the same with Mikrotik, cisco and ubqn routers) where the CT's ping, but SSH doesn't work

I've added my nas as well in my tests. And the ssh is working everytime there.
 

Attachments

  • fritzbox - starting situation.png
    fritzbox - starting situation.png
    425 KB · Views: 5
  • without any router.png
    without any router.png
    424.9 KB · Views: 5
  • opnsense-issue.png
    opnsense-issue.png
    402 KB · Views: 6
is it possible that swapping the router changes your windows firewall configuration?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back