Enabling firewall breaks network connectivity for all VMs

doug0x

New Member
Mar 14, 2024
Hello,

I have been trying to figure this out for a while. Whenever I enable the Proxmox firewall at the datacenter level, network connectivity for all VMs is instantly broken. VMs are not even pingable, nor can they communicate out. The only way to resolve it is to reboot the entire Proxmox node. Simply disabling the firewall/restarting it does not have any effect.

I noticed when keeping the firewall enabled, the VMs will not pull an IPv4 address from DHCP.

Here's some relevant info based on other issues I read about.

Code:
cat /etc/pve/firewall/cluster.fw
[OPTIONS]

policy_in: ACCEPT
enable: 0
ebtables: 1

[RULES]

OUT ACCEPT -log nolog
IN ACCEPT -log nolog

Code:
cat host.fw
[OPTIONS]

log_level_in: nolog
log_level_out: nolog
enable: 1

Any help or advice would be greatly appreciated! Thank you.
 
Hi, after making network changes on the host, it is possible you have to reboot the container or VM before gaining network access again.
This is the case when I set port-forward rules in /etc/network/interfaces; I assume it is the same for the firewall.

Can you try this on the Proxmox host:
pve-firewall restart
systemctl restart networking.service

After that, reboot the VM and check if you have network. If that doesn't work, try rebooting the Proxmox host after enabling the firewall and see if the VMs have network.
 
Thanks for the reply! Tried this, and restarted the VMs afterwards, no good. Rebooted the Proxmox host afterwards, no good. Tried with the VMs shut down, then brought them up, still no good. They will only pull an IPv6 address with the firewall enabled still.
 
Did you ever find an answer to this? I see multiple threads on this but never a resolution.

I have a Proxmox host, a pretty fresh install, and it doesn't work on Linux bridges, but if I change to Open vSwitch it works as expected. The catch with Open vSwitch is I seem to have to force VLAN tagging to 1 for traffic to flow, but then I cannot use VLANs in my OPNsense directly.

Switch to native Linux and VLANs work in OPNsense without issue, but the Proxmox firewall doesn't work properly. Turn it on at Datacentre and all communication to VMs breaks. They don't even have the firewall enabled on many of them, but they all stop working.
 
