Hi all!
I have a Proxmox and an AWX server, and they are located on the same network. AWX sees Proxmox perfectly well, and from it I can connect via SSH to Proxmox, but I can't ping or connect directly to the Proxmox server from an external network, only via the web interface on port 8006.
What I have tried:
- disabling/editing the Proxmox firewall
- changing iptables settings
- opening ports in iptables, for example 2201
pveversion -v
Bash:
proxmox-ve: 8.1.0 (running kernel: 6.5.11-8-pve)
pve-manager: 8.1.4 (running version: 8.1.4/ec5affc9e41f1d79)
proxmox-kernel-helper: 8.1.0
proxmox-kernel-6.5: 6.5.11-8
proxmox-kernel-6.5.11-8-pve-signed: 6.5.11-8
ceph-fuse: 17.2.7-pve2
corosync: 3.1.7-pve3
criu: 3.17.1-2
dnsmasq: 2.89-1
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx8
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-4
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.5.0
libproxmox-backup-qemu0: 1.4.1
libproxmox-rs-perl: 0.3.3
libpve-access-control: 8.0.7
libpve-apiclient-perl: 3.3.1
libpve-common-perl: 8.1.0
libpve-guest-common-perl: 5.0.6
libpve-http-server-perl: 5.0.5
libpve-network-perl: 0.9.5
libpve-rs-perl: 0.8.8
libpve-storage-perl: 8.0.5
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 5.0.2-4
lxcfs: 5.0.3-pve4
novnc-pve: 1.4.0-3
proxmox-backup-client: 3.1.4-1
proxmox-backup-file-restore: 3.1.4-1
proxmox-kernel-helper: 8.1.0
proxmox-mail-forward: 0.2.3
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.4
proxmox-widget-toolkit: 4.1.3
pve-cluster: 8.0.5
pve-container: 5.0.8
pve-docs: 8.1.3
pve-edk2-firmware: 4.2023.08-3
pve-firewall: 5.0.3
pve-firmware: 3.9-1
pve-ha-manager: 4.0.3
pve-i18n: 3.2.0
pve-qemu-kvm: 8.1.5-2
pve-xtermjs: 5.3.0-3
qemu-server: 8.0.10
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.2-pve1
ip a
Bash:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp6s18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether bc:24:11:23:14:c1 brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether bc:24:11:23:14:c1 brd ff:ff:ff:ff:ff:ff
    inet 194.26.17.202/25 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:fe23:14c1/64 scope link
       valid_lft forever preferred_lft forever
4: test: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d6:37:63:94:a5:96 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 scope global test
       valid_lft forever preferred_lft forever
    inet6 fe80::d0a0:69ff:fedc:2d44/64 scope link
       valid_lft forever preferred_lft forever
29: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
    link/ether 7a:13:55:ca:c0:e1 brd ff:ff:ff:ff:ff:ff
30: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:ab:11:86:28:cc brd ff:ff:ff:ff:ff:ff
31: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master test state UP group default qlen 1000
    link/ether d6:37:63:94:a5:96 brd ff:ff:ff:ff:ff:ff
cat /etc/network/interfaces
Bash:
auto lo
iface lo inet loopback

iface enp6s18 inet manual

auto vmbr0
iface vmbr0 inet static
        address 194.26.17.202/25
        gateway 194.26.17.129
        bridge-ports enp6s18
        bridge-stp off
        bridge-fd 0

auto test
iface test
        address 192.168.0.1/24
        post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j SNAT --to-source 194.26.17.202
        post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j SNAT --to-source 194.26.17.202
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        alias test
        ip-forward on
root@test-pve:/# systemctl is-enabled networking
enabled