[SOLVED] Given Mac in VM is not same like Mac reported in pve (also HETZNER-Problem)

ThomasH · Nov 3, 2021

(moved from the german-spoken part of this forum)

Hi there,

I have an urgent problem with my server and a date to solve it, before my provider switches it off - well, understandable.

I have four virtual machines running and I set for each the Mac-addresses given by the provider in their network-configuration. Everthing worked fine until an upgrade.
Well, in the meanwhile I am on Proxmox 7.0-13 set up the complete proxmox-server, but the problem is still not solved.

Asking the VMs running for their Mac-address, they show me the correct one, given by their network-configuration in the proxmox-frontend.
Asking the console of the PVE I get complete diffrent Macs, what means the provider itself receives these wrong ones.


root@proxmoxserver ~ # ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:cd:04:d9 brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 90:1b:0e:cd:04:d9 brd ff:ff:ff:ff:ff:ff
4: vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether a2:37:6c:1a:b6:10 brd ff:ff:ff:ff:ff:ff
13: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 9e:0a:4a:04:05:23 brd ff:ff:ff:ff:ff:ff
14: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 5a:8c:c4:f3:e4:59 brd ff:ff:ff:ff:ff:ff
15: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr102i0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 32:78:d9:f4:8e:ab brd ff:ff:ff:ff:ff:ff
16: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether c6:37:6c:5b:0e:ea brd ff:ff:ff:ff:ff:ff
17: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether 1e:73:e7:94:e5:fd brd ff:ff:ff:ff:ff:ff
18: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP mode DEFAULT group default qlen 1000
    link/ether 42:52:04:3e:5a:ec brd ff:ff:ff:ff:ff:ff


root@proxmoxserver ~ # ip route
default via 94.130.16.1 dev vmbr0 proto kernel onlink
94.130.16.1 dev vmbr0 proto kernel scope link src 94.130.16.31
192.168.0.0/24 dev vmbr1 proto kernel scope link src 192.168.0.1 linkdown


root@proxmoxserver ~ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 90:1b:0e:cd:04:d9 brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 90:1b:0e:cd:04:d9 brd ff:ff:ff:ff:ff:ff
    inet 94.130.16.31 peer 94.130.16.1/32 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 2a01:4f8:10b:1460:: peer fe80::1/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::921b:eff:fecd:4d9/64 scope link
       valid_lft forever preferred_lft forever
4: vmbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether a2:37:6c:1a:b6:10 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 scope global vmbr1
       valid_lft forever preferred_lft forever
13: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 9e:0a:4a:04:05:23 brd ff:ff:ff:ff:ff:ff
14: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 5a:8c:c4:f3:e4:59 brd ff:ff:ff:ff:ff:ff
15: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr102i0 state UNKNOWN group default qlen 1000
    link/ether 32:78:d9:f4:8e:ab brd ff:ff:ff:ff:ff:ff
16: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c6:37:6c:5b:0e:ea brd ff:ff:ff:ff:ff:ff
17: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 1e:73:e7:94:e5:fd brd ff:ff:ff:ff:ff:ff
18: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
    link/ether 42:52:04:3e:5a:ec brd ff:ff:ff:ff:ff:ff

Configuration of one VM as example for all my machines

---

As you can see, the provider-given Mac is set and has been set by the virtual machine. But pve shows a diffrent mac for the running virtual machine

Any ideas?

Thanks a lot.

Thomas

spirit · Nov 3, 2021

do you have read:

https://pve.proxmox.com/wiki/Upgrade_from_6.x_to_7.0#Check_Linux_Network_Bridge_MAC

?

you can install ifupdown2 to keep physical interface mac on vmbr ,

or specify manually mac address if you use ifupdown1.

ThomasH · Nov 3, 2021

Hi spirit,

thanks for your reply. I checked it and it is installed:


root@proxmoxserver ~ # apt install ifupdown2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
ifupdown2 is already the newest version (3.1.0-1+pmx3).
ifupdown2 set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Maybe my brain is totally blocked (I am working on this problem a few hours already) but it did not help to follow the instructions.

As a test I also used the hwaddress in /etc/network/interfaces in the virtual machine, but it did not help, too.

Here my /etc/network/interface of proxmox-server


 cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
        address 94.130.16.31/32
        netmask 255.255.255.255
        pointopoint 94.130.16.1
        gateway 94.130.16.1
        hw address 90:1b:0e:cd:04:d9
        bridge-ports enp0s31f6
        bridge-stp off
        bridge-fd 1
        bridge-hello 2
        bridge-maxage 12

iface vmbr0 inet6 static
        address 2a01:4f8:10b:1460::/64
        gateway fe80::1
        pointopoint fe80::1
        bridge-hello 2
        bridge-maxage 12

I am really confused. How can I tell the host jut to accept the Mac given by guest-configuration?

Greetz Thomas

spirit · Nov 3, 2021

if you are talking about mac on tapX && fwbr interface, this is normal that they are different, and shouldn't announce , go outside your server.

13: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000 link/ether 9e:0a:4a:04:05:23 brd ff:ff:ff:ff:ff:ff 14: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000 link/ether 5a:8c:c4:f3:e4:59 brd ff:ff:ff:ff:ff:ff 15: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr102i0 state UNKNOWN group default qlen 1000 link/ether 32:78:d9:f4:8e:ab brd ff:ff:ff:ff:ff:ff 16: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether c6:37:6c:5b:0e:ea brd ff:ff:ff:ff:ff:ff 17: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000 link/ether 1e:73:e7:94:e5:fd brd ff:ff:ff:ff:ff:ff 18: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000 link/ether 42:52:04:3e:5a:ec brd ff:ff:ff:ff:ff:ff

Your provided vm config is ok (mac defined in gui, the the mac inside the vm). (BTW, don't use rtl8139, use virtio for performance)

ThomasH said:
Configuration of one VM as example for all my machines

View attachment 31065
---

View attachment 31066

But they are 2 exceptions where the mac of fwbr firewall could send traffic with their mac:

- if you use REJECT firewall rules. (never use REJECT because it's using the fwbr mac to send rst packet, use DROP instead)
- also add in /etc/sysctl.d/pve.conf
"net.ipv4.igmp_link_local_mcast_reports = 0"

because on vm stop/start the fwbr bridge could send igmp report on the network with the wrong mac address.

I don't known your hosting provider, but we have some discussion here about hetzner blocking server because of this.
https://forum.proxmox.com/threads/proxmox-claiming-mac-address.52601/page-8#post-425976

ThomasH · Nov 3, 2021

Yes, I am at Hetzner, too. And it starts to happen as I did an upgrade from 6.3.x to 6.4, now I start to understand why.

My Firewall always drops. For a reject, I see less reasons.
I added now the recommended conf and will follow the discussion, too you sent me the link.

I hope, the problem is solved with your tips. Well, we will see.

ThomasH · Nov 4, 2021

All right, this problem seems to be solved (for the first.

All, who are looking for a solution here is it, but I strongly recommend to read the thread here in the forum sent by spirit (THANKS! YOU SAVED MY LIFE AND MY WONDERFUL LONG HAIR!) at

https://forum.proxmox.com/threads/proxmox-claiming-mac-address.52601/

The summary of the solution is:

1) Change all REJECT in the firewall to DROP.
The reason is well described in the thread above and it seems to me very clear, what alxgarder announced in his/her post:
https://forum.proxmox.com/threads/proxmox-claiming-mac-address.52601/page-2#post-415493
2) in /etc/sysctl.d/pve.conf insert a "net.ipv4.igmp_link_local_mcast_reports = 0" (without quotations)
3) disable and switch off the sysctl-services:

systemctl disable rpcbind.service rpcbind.socket rpcbind.target run-rpc_pipefs.mount
  systemctl stop rpcbind.service rpcbind.socket rpcbind.target run-rpc_pipefs.mount

This is, what I did and it helped.

Search

Search

[SOLVED] Given Mac in VM is not same like Mac reported in pve (also HETZNER-Problem)

ThomasH

Well-Known Member

spirit

Distinguished Member

ThomasH

Well-Known Member

spirit

Distinguished Member

ThomasH

Well-Known Member

ThomasH

Well-Known Member

We value your privacy