Guest cannot reach external network

[Jiri Provaznik]

pve:
(bridge)

auto lo
iface lo inet loopback

auto ens32
iface ens32 inet manual

auto vmbr0
iface vmbr0 inet static
address 172.22.79.114/16
gateway 172.22.0.1
bridge-ports ens32
bridge-stp off
bridge-fd 0

root@pve:/etc/network# ping 172.22.0.1
PING 172.22.0.1 (172.22.0.1) 56(84) bytes of data.
64 bytes from 172.22.0.1: icmp_seq=1 ttl=255 time=0.281 ms
64 bytes from 172.22.0.1: icmp_seq=2 ttl=255 time=0.259 ms
64 bytes from 172.22.0.1: icmp_seq=3 ttl=255 time=0.268 ms

root@pve:/etc/network# ping 172.22.79.39
PING 172.22.79.39 (172.22.79.39) 56(84) bytes of data.
64 bytes from 172.22.79.39: icmp_seq=1 ttl=64 time=1.09 ms
64 bytes from 172.22.79.39: icmp_seq=2 ttl=64 time=0.656 ms
64 bytes from 172.22.79.39: icmp_seq=3 ttl=64 time=0.914 ms

root@pve:/etc/network# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
link/ether 00:50:56:a5:4d:a2 brd ff:ff:ff:ff:ff:ff
altname enp2s0
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:50:56:a5:4d:a2 brd ff:ff:ff:ff:ff:ff
inet 172.22.79.114/16 scope global vmbr0
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fea5:4da2/64 scope link
valid_lft forever preferred_lft forever
4: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
link/ether 12:25:01:6a:57:5c brd ff:ff:ff:ff:ff:ff

pve gateway: 172.22.0.1

root@pve:/etc/network# ip r
default via 172.22.0.1 dev vmbr0 proto kernel onlink
172.22.0.0/16 dev vmbr0 proto kernel scope link src 172.22.79.114

VM:

gms:~ # ping 172.22.0.1
PING 172.22.0.1 (172.22.0.1) 56(84) bytes of data.
From 172.22.79.39: icmp_seq=19 Destination Host Unreachable
From 172.22.79.39 icmp_seq=19 Destination Host Unreachable
From 172.22.79.39 icmp_seq=20 Destination Host Unreachable

gms:~ # ping 172.22.79.114
PING 172.22.79.114 (172.22.79.114) 56(84) bytes of data.
64 bytes from 172.22.79.114: icmp_seq=1 ttl=64 time=0.759 ms
64 bytes from 172.22.79.114: icmp_seq=2 ttl=64 time=0.567 ms
64 bytes from 172.22.79.114: icmp_seq=3 ttl=64 time=0.635 ms

gms:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet 127.0.0.2/8 brd 127.255.255.255 scope host secondary lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether bc:24:11:1a:75:80 brd ff:ff:ff:ff:ff:ff
inet 172.22.79.39/16 brd 172.22.255.255 scope global eth0
inet6 fe80::be24:11ff:fe1a:7580/64 scope link
valid_lft forever preferred_lft forever

gms gateway: 172.22.0.1

gms:~ # ip r
default via 172.22.0.1 dev eth0
127.0.0.0/8 dev lo scope link
169.254.0.0/16 dev eth0 scope link
172.22.0.0/16 dev eth0 proto kernel scope link src 172.22.79.39

 

[Moayad]

Hi,

Can you please check if the `net.ipv4.ip_forward=1` on the Proxmox VE node? you can run the following command to check:

sysctl net.ipv4.ip_forward

If not you may have to set it e.g.:

sysctl -w net.ipv4.ip_forward=1

 

[Jiri Provaznik]

Thank you for your reply. Unfortunately the situation didn't change. A virtual machine cannot be reached from outside network.

I am testing possibilies of virtualization softwares now. So it's not time for Commercial Support Subscription.