[SOLVED] Docker breaks my Proxmox access

C

citgot

New Member
Oct 17, 2020
16
2
3
54
I’m running Proxmox and a VM with a minimal debian OS. Everything worked fine until I installed docker and Portainer. Well, docker, Portainer and my containers work fine. But now my Proxmox is not accessable, not by GUI and not by SSH.
I’ve read that docker could break the bridge as it uses iptables but the suggested fixes I’ve tried don’t work for me. I’m also afraid that all non-working fixes will break something.

is there someone who had the same problem with debian VM on a Proxmox setup who can guide me on how to solve it (not just disable iptables)?
 
Last edited:
hi,

do i understand correctly that you installed docker on the PVE host? this isn't recommended or supported.

if you've installed docker/portainer on the VM it shouldn't interfere with the host networking.

citgot said:
Well, docker, Portainer and my containers work fine. But now my Proxmox is not accessable, not by GUI and not by SSH.
Click to expand...
are you able to reach the containers? if so maybe you can connect to your PVE host through a container
 
Sorry, I was a bit unclear. Docker is installed on a Debian VM running only docker/portainer and two containers.

I can reach the containers and they work as they should. The PVE-host is not reachable through GUI or SSH. The host has a static IP from my router and when attaching a display directly to my server on which the PVE-host Proxmox is installed bare metal I can confirm that the host is running as before the docker installation. It got an IP address and I can use CLI commands and login.

Before installing docker the same Debian VM was running but with no problem to reach the PVE-host. So all points to docker in the VM is screwing something up for the host.

I’ve tried to change the IP for the docker bridge but that resulted in nothing. Same problem. I also tried some other fixes for the forwarding of IPs that I found online but that just broke docker and I had the revert all changes.

So I’m out of ideas. I’ll try to reach the host through the containers tonight, but I’m unsure what that would tell me.
 
citgot said:
The PVE-host is not reachable through GUI or SSH.
Click to expand...
unreachable how exactly? do you get a time out? do you get connection refused? does it just hang? can you provide some details?

citgot said:
It got an IP address and I can use CLI commands and login.
Click to expand...
* does it have internet connectivity?
* can you ping the PVE host?


installing docker in a VM normally won't interfere with the host networking (as the bridge is created in the VM).

if you need help then you need to tell us more about your network configuration, like the contents /etc/network/interfaces from your PVE host.
output of command ip a and maybe ip r .
 
oguz said:
unreachable how exactly? do you get a time out? do you get connection refused? does it just hang? can you provide some details?


* does it have internet connectivity?
* can you ping the PVE host?
Click to expand...

sorry about the lack of details. I just don’t know what is important to share.

I get timed out when trying to connect to the PVE host GUI or SSH.

The host has internet connectivity. I can ping web addresses and I can ping different devices in my network. The host can ping itself.

I can’t however ping the host from any other device.

if you need help then you need to tell us more about your network configuration, like the contents /etc/network/interfaces from your PVE host.
Click to expand...
output of command ip a and maybe ip r
Click to expand...

I attach an image showing the output for ip a, ip r.

The contents of /etc/networks and /etc/network/interfaces is also attached in pictures

If I can provide some more info please just let me know.

One of the fixes I’ve tried is: Link but that only made the docker not to restart as it logged errors on stop sequence.
 

Attachments

  • 69D6F29A-2F9A-4518-BAF4-8601AED59D39.jpeg
    69D6F29A-2F9A-4518-BAF4-8601AED59D39.jpeg
    132.3 KB · Views: 18
  • 340468BF-8174-468E-8E8D-8BBDAE36230D.jpeg
    340468BF-8174-468E-8E8D-8BBDAE36230D.jpeg
    804.7 KB · Views: 18
  • 5B939C56-4B5F-4AB6-BE94-1AE7781F1086.jpeg
    5B939C56-4B5F-4AB6-BE94-1AE7781F1086.jpeg
    76.3 KB · Views: 19
Last edited:
citgot said:
I get timed out when trying to connect to the PVE host GUI or SSH.

The host has internet connectivity. I can ping web addresses and I can ping different devices in my network. The host can ping itself.
Click to expand...
can you post the output of ss -antlp? you should be seeing the port 8006 and port 22 open under normal circumstances.

you can also try checking with nmap: nmap -p22,8006 your.pve.host.ip and see if the ports are open/closed/filtered

if the ports aren't open, then you should check the systemctl output from the host and see if any services are in failed state. if they are please check journalctl
 
  • Like
Reactions: citgot
oguz said:
can you post the output of ss -antlp? you should be seeing the port 8006 and port 22 open under normal circumstances.

you can also try checking with nmap: nmap -p22,8006 your.pve.host.ip and see if the ports are open/closed/filtered

if the ports aren't open, then you should check the systemctl output from the host and see if any services are in failed state. if they are please check journalctl
Click to expand...
Thanks for all the help.

ss -antlp output is in the attached file. So is output of nmap -p22,8006

systemctl shows no failed state services
 

Attachments

  • 4BB13871-FCD0-45D4-AAAE-6E8A98957E4A.jpeg
    4BB13871-FCD0-45D4-AAAE-6E8A98957E4A.jpeg
    544.4 KB · Views: 9
  • 64161F47-CF12-46A6-A98E-C2A2005623BE.jpeg
    64161F47-CF12-46A6-A98E-C2A2005623BE.jpeg
    784.8 KB · Views: 9
can you try running the nmap scan from the computer you're trying to connect to the server from?

if the services are running and nothing is failing, then it might be a networking problem. is there anything between your computer and the PVE host, like a firewall?
 
Well, this is embarrassing. When installing and configuring Proxmox I disabled the pve-firewall as it blocked the GUI. The host and VMs worked like that until I installed docker. Now I find the pve-firewall is back up and it once again blocked access to the host.

As I had pve-firewall disabled I just focused on my main firewall and made sure that it wouldn’t block access. But somehow pve-firewall was back up. I let it run now with an open port 8006 so I can access GUI.
Does the docker install activate the pve-firewall? It activates on pve host reboot now, it didn’t before docker.

I’m sorry for wasting mine and your time with this. My bad. Thanks for your help, at least I learned something.
 
citgot said:
Does the docker install activate the pve-firewall? It activates on pve host reboot now, it didn’t before docker.
Click to expand...
no, it doesn't activate it (just tested here on clean installation). i'm not sure what caused it in your case.

citgot said:
I’m sorry for wasting mine and your time with this. My bad. Thanks for your help, at least I learned something.
Click to expand...
no worries, you're welcome. you can mark the thread as [SOLVED] by editing the thread title prefix
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom