Cant access Webgui on 2nd bridge (no physical nic attached)

merasil · Jun 30, 2020

Hi there,

my problem is the following: I want to be able to connect to the webgui via 2 nics. Both are bridges, but the 2nd got no bridge port since i only use it for a dmz. Via gui i added an ip to the 2nd bridge and also added the new ip to /etc/hosts of my proxmox hv. I can ping the new ip, but i cant ssh or access the gui via 2nd ip. What am i doing wrong?

Code:

auto vmbr0
iface vmbr0 inet static
        address 172.16.0.11/16
        gateway 172.16.0.254
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
#Hypervisor

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0
#Intern (Gateway)

auto vmbr2
iface vmbr2 inet manual
        bridge-ports eno3
        bridge-stp off
        bridge-fd 0
#Intern

auto vmbr3
iface vmbr3 inet manual
        bridge-ports eno4
        bridge-stp off
        bridge-fd 0
#Server-DMZi3

auto vmbr4
iface vmbr4 inet manual
        bridge-ports enp5s0f0
        bridge-stp off
        bridge-fd 0
#Extern (Gateway)

auto vmbr5
iface vmbr5 inet manual
        bridge-ports enp5s0f1
        bridge-stp off
        bridge-fd 0
#Extern

auto vmbr6
iface vmbr6 inet manual
        bridge-ports enp5s0f2
        bridge-stp off
        bridge-fd 0
#Extern

auto vmbr7
iface vmbr7 inet manual
        bridge-ports enp5s0f3
        bridge-stp off
        bridge-fd 0
#GuestWlan (Gateway)

auto vmbr8
iface vmbr8 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#ServerVM-DMZi1

auto vmbr9
iface vmbr9 inet static
        address 172.21.0.11/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#ServerVM-DMZi2

Thx for any help

t.lamprecht · Jun 30, 2020

Hi,

merasil said:
Both are bridges, but the 2nd got no bridge port since i only use it for a dmz

What ID has the second one? vmbrX? And what is connected to that one, only VMs?

merasil · Jun 30, 2020

t.lamprecht said:
What ID has the second one? vmbrX? And what is connected to that one, only VMs?

First one is vmbr0 and second one is vmbr9. vmbr9 is used by vms1,2,3 (172.22.0.1, .2, .254) only and the proxmox host (172.22.0.11).

Setup

vm1 --------|
vm2---------|-------vmbr9-------Gateway (vm3)
proxmox--|

merasil · Jul 6, 2020

So i could enumerate a bit more.

As long as there is a physical nic bound to the bridge it works. If i unbind the physical nic it stops working. I still can ping the machine and nmap even discovers all ports (ex. 111, 8006) as open but i cant access the webserver. Next step would be to try to debug the webserver in this state... Anyone got a good guess what this could cause?

*EDIT*
OK got it working. My Router is dropping some packets... The thing is: i dont know why.

iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP

Thats the Rule causing it. Could some1 explain to me why invalid packets are neccessary for proxmox webgui to work?

Search

Search

Cant access Webgui on 2nd bridge (no physical nic attached)

merasil

Member

t.lamprecht

Proxmox Staff Member

merasil

Member

merasil

Member

We value your privacy