[SOLVED] Help with LXC Container Network Issue

I

ifmael

New Member
Jan 30, 2024
6
0
1
Hi everyone,

I’m facing a network issue with my LXC containers on Proxmox. All newly created containers are unable to connect to the internet, even during the installation process. The error states there’s no internet connection, but my existing containers have full connectivity and work fine.

Here are the details:

  1. Container Creation:
    • All my containers, including the ones already installed and the new ones I’m trying to create, come from this repository.
    • The specific script I used for one of the problematic containers is this one.
  2. Issue:
    • The newly created container has a static IP (192.168.1.20/24) and the correct gateway (192.168.1.1).
    • It cannot reach the gateway or any other device on the network.
    • During creation, the script reports no internet connection, but the Proxmox host and existing containers have connectivity.
  3. Host Network Configuration:
    • Proxmox host IP: 192.168.1.9/24.
    • Network bridge (vmbr0) is configured with enp2s0 as the bridge port.
  4. Tests Performed:
    • tcpdump on the host shows the container is sending ARP requests but doesn’t receive any replies.
    • Enabling net.ipv4.ip_forward=1 on the host breaks connectivity for existing containers, so I’ve left it disabled.
    • The issue occurs with all new LXC containers, not just the one created with the script.
I’m not sure if this is an issue with the bridge, Proxmox configuration, or something else. Any help or suggestions to debug this would be greatly appreciated!

Thanks in advance!
 

Attachments

  • unnamed (1).jpg
    unnamed (1).jpg
    40.7 KB · Views: 7
ifmael said:
The newly created container has a static IP (192.168.1.20/24) and the correct gateway (192.168.1.1).
Click to expand...
In your screenshot there ist 192.168.1.17

Maybe for the script it's an DNS issue - have you tried to specify the DNS Server to 192.168.1.1 (Just guessing)?
Is your Proxmox on the same Subnet without VLAN ond vmbr0?

But sometimes it helps systemctl restart networking to restart the networking stack of the PVE
 
Can you ping the newly created LXC?

Have you tested DNS both on the host & LXC?

Have you checked for an IP conflict on your NW?

Have you checked for a MAC address conflict within your NW?

What happens if you change one of the running (& connected) LXCs to that newly tried IP 192.168.1.20/24 (after deleting/shutdown of the newly created LXC), does it still have a connection?

In the image I see you have an Omada Controller LXC. What NW/ firewalling / configuring is being done by it to your system.
(I'm not really familiar with the product - but I guess it has potential to be an issue. Did this problem begin after you installed this LXC?).

If you create a new VM, does it have a proper connection?

Could you provide output of cat /etc/network/interfaces

I take it you've installed a number of LXCs from online-scripts. Be aware that blindly running scripts has the potential of breaking a system (much like has happened to you), or worse by being a security risk. What was the last script you installed before the above problem occurred?
 
I apologize for the screenshot, it doesn't match the information I provided, but I didn't have a screenshot of the AdGuard container with the IP address I mentioned. It was to exemplify what happens when I install an LXC (which happens with all the new ones I create)

tscret said:
Maybe for the script it's an DNS issue - have you tried to specify the DNS Server to 192.168.1.1 (Just guessing)?
Click to expand...

Regarding the DNS configuration, here's the output of /etc/resolv.conf from one of the newly created LXCs that's experiencing the issue:


Code: 
root@adguard:~# cat /etc/resolv.conf
# --- BEGIN PVE ---
search ifmael.com
nameserver 8.8.8.8

As you can see, it's currently using Google's public DNS server (8.8.8.8). I also tried to create a new LXC and manually set the DNS server to my gateway's IP address (192.168.1.1) during creation, but unfortunately, the problem persists.

tscret said:
Is your Proxmox on the same Subnet without VLAN ond vmbr0?
Click to expand...

Yes, my Proxmox node is on the same subnet (192.168.1.0/24) as my LXCs and VMs. The IP address of vmbr0 is 192.168.1.9/24. I am not using VLANs on vmbr0.




gfngfn256 said:
Can you ping the newly created LXC?

Have you tested DNS both on the host & LXC?
Click to expand...

I can ping the newly created LXC (e.g., 192.168.1.20) from the Proxmox host and vice-versa. However, from the LXC, I can't ping the gateway (192.168.1.1) or external addresses like google.com. DNS resolution also fails within the LXC.

Here are some outputs:

From promox host

Code: 
root@homelab:~# ip a
(See previous response for full output)

root@homelab:~# ping 192.168.1.20
PING 192.168.1.20 (192.168.1.20) 56(84) bytes of data.
64 bytes from 192.168.1.20: icmp_seq=1 ttl=64 time=0.113 ms
...

root@homelab:~# ping google.com
PING google.com (142.250.200.142) 56(84) bytes of data.
64 bytes from mad41s14-in-f14.1e100.net (142.250.200.142): icmp_seq=1 ttl=118 time=22.2 ms
...

From within the LXC

Code: 
root@adguard:~# ping 192.168.1.9
PING 192.168.1.9 (192.168.1.9) 56(84) bytes of data.
64 bytes from 192.168.1.9: icmp_seq=1 ttl=64 time=0.027 ms
...

root@adguard:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
... (No response)

root@adguard:~# ping google.com
... (No response)


gfngfn256 said:
Have you checked for an IP conflict on your NW?
Click to expand...
I've checked for IP conflicts. The IPs I'm using for the new LXCs are not assigned to any other device on my network. The DHCP server assigns IPs in a higher range. Also, I've tested creating containers with different IPs, and the result is the same.

gfngfn256 said:
Have you checked for a MAC address conflict within your NW?
Click to expand...
I haven't detected any MAC address conflicts. The LXCs and VMs have different MACs generated by Proxmox.

gfngfn256 said:
In the image I see you have an Omada Controller LXC. What NW/ firewalling / configuring is being done by it to your system.
(I'm not really familiar with the product - but I guess it has potential to be an issue. Did this problem begin after you installed this LXC?).
Click to expand...
Yes, I have an Omada Controller LXC. However, I don't believe it's causing the problem since its function is to manage my Wi-Fi access points and it doesn't perform any firewalling or network configuration on the Proxmox host. Many of my LXCs were created after installing this LXC and I have also tried creating new LXCs with it shut down, and I am still having the same issues.

gfngfn256 said:
If you create a new VM, does it have a proper connection?
Click to expand...
No, a new VM also doesn't get a proper network connection. I've tried with both DHCP and static IP, but it has the same connectivity problems as the LXCs.
gfngfn256 said:
Could you provide output of cat /etc/network/interfaces
Click to expand...


Code: 
 root@homelab:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.9/24
        gateway 192.168.1.1
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0

iface wlp3s0 inet manual

source /etc/network/interfaces.d/*

gfngfn256 said:
I take it you've installed a number of LXCs from online-scripts. Be aware that blindly running scripts has the potential of breaking a system (much like has happened to you), or worse by being a security risk. What was the last script you installed before the above problem occurred?
Click to expand...
Honestly, I don't remember exactly because I've done so many tests that I don't know for sure.
 
ifmael said:
root@homelab:~# cat /etc/network/interfaces # network interface settings; autogenerated # Please do NOT modify this file directly, unless you know what # you're doing. # # If you want to manage parts of the network configuration manually, # please utilize the 'source' or 'source-directory' directives to do # so. # PVE will preserve these directives, but will NOT read its network # configuration from sourced files, so do not attempt to move any of # the PVE managed interfaces into external files! auto lo iface lo inet loopback iface enp2s0 inet manual auto vmbr0 iface vmbr0 inet static address 192.168.1.9/24 gateway 192.168.1.1 bridge-ports enp2s0 bridge-stp off bridge-fd 0 iface wlp3s0 inet manual source /etc/network/interfaces.d/*
Click to expand...
hmmm maybe it's an issue that you don't autostart enp2s0 as the host internal communication works it's maybe a problem with the uplink.

Edit /etc/network/interfaces

[...]
auto enp2s0
iface enp2so inet manual
[...]

execute systemctl restart networking
 
ifmael said:
cat /etc/network/interfaces
Click to expand...
Looks OK to me.
The only thing worth considering, I see:
ifmael said:
iface wlp3s0 inet manual
Click to expand...
This is the WiFi NIC of the host, it may be worth commenting out, (you may have had some assigned IP on the NW with this in the past).

ifmael said:
Code: 
root@homelab:~# ip a 
(See previous response for full output)
Click to expand...
I do not see it anywhere in this thread.

So please provide output for the following:
Code: 
ip a

cat /etc/hostname

cat /etc/hosts

What do the firewalling settings show? Show GUI images of the Firewall, Options for Datacenter, Node & effected LXC.
 
tscret said:
Edit /etc/network/interfaces

[...]
auto enp2s0
iface enp2so inet manual
[...]
Click to expand...

I don't understand what you mean, I have enabled the enbp2s0 interface in autostart

1736260743113.png
gfngfn256 said:
ip a cat /etc/hostname cat /etc/hosts
Click to expand...

Code: 
root@homelab:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 38:f7:cd:c6:d7:d5 brd ff:ff:ff:ff:ff:ff
3: wlp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether f8:54:f6:69:44:3e brd ff:ff:ff:ff:ff:ff
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 38:f7:cd:c6:d7:d5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.9/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::3af7:cdff:fec6:d7d5/64 scope link
       valid_lft forever preferred_lft forever
5: veth103i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:08:52:aa:30:bc brd ff:ff:ff:ff:ff:ff link-netnsid 0
6: veth105i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:9a:e1:97:fa:3b brd ff:ff:ff:ff:ff:ff link-netnsid 1
7: veth104i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:ce:1f:8c:45:7a brd ff:ff:ff:ff:ff:ff link-netnsid 2
8: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 02:2a:a6:57:b9:3f brd ff:ff:ff:ff:ff:ff
9: veth101i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:fc:c4:df:c3:d3 brd ff:ff:ff:ff:ff:ff link-netnsid 3
10: veth102i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:e1:d7:09:a6:86 brd ff:ff:ff:ff:ff:ff link-netnsid 4
11: veth106i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:25:48:4f:59:ca brd ff:ff:ff:ff:ff:ff link-netnsid 5
13: veth107i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:14:c5:6b:71:b5 brd ff:ff:ff:ff:ff:ff link-netnsid 6
Code: 
root@homelab:~# cat /etc/hostname
homelab
root@homelab:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.100 homelab.ifmael.com homelab

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
root@homelab:~# lxc-attach -n 107
root@adguard:~# cat /etc/hostname
adguard
root@adguard:~# cat /etc/hosts
127.0.0.1       localhost
::1             localhost ip6-localhost ip6-loopback
ff02::1         ip6-allnodes
ff02::2         ip6-allrouters
# --- BEGIN PVE ---
192.168.1.20 adguard.ifmael.com adguard
# --- END PVE ---
root@adguard:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether bc:24:11:b6:1b:c9 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::be24:11ff:feb6:1bc9/64 scope link
       valid_lft forever preferred_lft forever
 
ifmael said:
Code: 
root@homelab:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.100 homelab.ifmael.com homelab
Click to expand...
This address (second line) is wrong; your local IP of your node as above is: 192.168.1.9 change it.
 
Last edited:
ifmael said:
Why was this happening?
Click to expand...
It's always hard to backtrack & workout why something did not work / got changed.
But as you have mentioned in this thread you have done lots of tinkering plus you've run numerous scripts (I've already advised you strongly against this). This has the potential to get you where you got.

I'll just say Proxmox needs to be run using a statically-set (inside the host) IP address - and as a good measure choose one that is outside the normal range of your DHCP server. This is best practice. I suspect somewhere along the lines your local IP for the host got conflicted/changed.

Happy you got it working, maybe mark this thread as Solved. At the top of the thread, choose the Edit thread button, then from the (no prefix) dropdown choose Solved.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom