Host and CTs can't ping google but can ping gateway (WLAN and LAN)

J

jezzabell

New Member
May 10, 2023
9
1
3
Hi all,
New to proxmox and I can appreciate that this is yet another internet connection issue post.

I've been through most posts trying to implement the changes etc, so I've made a lot of variations and tweaks so it might be a bit of a mess. So thank you in advance for your help and patience.

I followed this tutorial to set up WLAN: https://forum.proxmox.com/threads/h...n-a-laptop-workstation-with-wifi-wlan.102395/
I installed the LXQt desktop.

My VE host via WLAN and LAN currently can ping my router, but not beyond that.

Ideally, I would like to be able to use LAN and WLAN for my host and VMs/containers to reach the internet. My understanding from that tutorial is that it is possible.
Maybe I've misinterpreted that, and might need to redo a lot of past work, or just start fresh?

Details:
Router IP: 192.168.2.1 (managed DHCP)
Modem beyond router: 192.168.1.1

Static IP settings in the router for proxmox:
1683688824594.png

From host:
Works: ping -I enp0s25 google.com
Works: ping 192.168.2.1
Doesn't work: ping google.com
Doesn't work: ping -I wlp3s0 google.com

If I disconnect the WLAN, I cannot access Proxmox via 192.168.2.138
192.168.2.137 doesn't respond under any circumstances even though the MAC address for the wired connection (enp0s25) is correct.

From Alpine container:
Doesn't work: ping 192.168.2.1
Doesn't work: ping google.com
Doesn't work: ping 10.10.10.1

Here's my: /etc/network/interfaces from pve-host
Code: 
auto lo
iface lo inet loopback

auto wlp3s0
iface wlp3s0 inet dhcp

auto enp0s25
iface enp0s25 inet dhcp

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1/24
        gateway 192.168.2.1
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o wlp3s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o wlp3s0 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1


ip a && ip r for pve-host

Code: 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 3c:97:0e:78:a5:04 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.63/24 brd 192.168.2.255 scope global enp0s25
       valid_lft forever preferred_lft forever
    inet6 fdf8:578b:7a79:6dc5:3e97:eff:fe78:a504/64 scope global dynamic mngtmpaddr
       valid_lft 1648sec preferred_lft 1648sec
    inet6 fd55:6228:948d::137/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fd55:6228:948d:0:3e97:eff:fe78:a504/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 fe80::3e97:eff:fe78:a504/64 scope link
       valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 9c:4e:36:a4:36:dc brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.138/24 brd 192.168.2.255 scope global wlp3s0
       valid_lft forever preferred_lft forever
    inet6 fdf8:578b:7a79:6dc5:9e4e:36ff:fea4:36dc/64 scope global dynamic mngtmpaddr
       valid_lft 1648sec preferred_lft 1648sec
    inet6 fd55:6228:948d::138/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fd55:6228:948d:0:9e4e:36ff:fea4:36dc/64 scope global dynamic mngtmpaddr
       valid_lft forever preferred_lft forever
    inet6 fe80::9e4e:36ff:fea4:36dc/64 scope link
       valid_lft forever preferred_lft forever
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f2:a1:51:e2:93:eb brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::f0a1:51ff:fee2:93eb/64 scope link
       valid_lft forever preferred_lft forever
5: veth100i0@if2: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether fe:06:91:5d:5d:61 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 169.254.240.78/16 brd 169.254.255.255 scope global veth100i0
       valid_lft forever preferred_lft forever
    inet6 fe80::fc06:91ff:fe5d:5d61/64 scope link
       valid_lft forever preferred_lft forever
6: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4a:34:84:fc:8e:a8 brd ff:ff:ff:ff:ff:ff
7: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether c2:9f:a7:71:92:41 brd ff:ff:ff:ff:ff:ff
    inet 169.254.66.240/16 brd 169.254.255.255 scope global fwpr100p0
       valid_lft forever preferred_lft forever
    inet6 fe80::c09f:a7ff:fe71:9241/64 scope link
       valid_lft forever preferred_lft forever
8: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether ee:0f:f2:32:87:08 brd ff:ff:ff:ff:ff:ff
    inet 169.254.160.192/16 brd 169.254.255.255 scope global fwln100i0
       valid_lft forever preferred_lft forever
    inet6 fe80::ec0f:f2ff:fe32:8708/64 scope link
       valid_lft forever preferred_lft forever
default via 192.168.2.1 dev enp0s25
10.10.10.0/24 dev vmbr0 proto kernel scope link src 10.10.10.1
169.254.0.0/16 dev veth100i0 proto kernel scope link src 169.254.240.78
169.254.0.0/16 dev fwln100i0 proto kernel scope link src 169.254.160.192
169.254.0.0/16 dev fwpr100p0 proto kernel scope link src 169.254.66.240
192.168.2.0/24 dev enp0s25 proto kernel scope link src 192.168.2.63
192.168.2.0/24 dev wlp3s0 proto kernel scope link src 192.168.2.138
192.168.2.1 dev wlp3s0 scope link
192.168.2.1 dev enp0s25 scope link

Here's my: /etc/network/interfaces from Alpine-container
Code: 
auto lo
iface lo inet loopback
iface lo inet6 loopback


auto eth0
iface eth0 inet dhcp


iface eth0 inet6 manual


auto veth0
iface veth0 inet dhcp


iface veth0 inet6 manual

ip a && ip r for Alpine-container
Code: 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: veth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 1e:c8:30:ce:d8:ca brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1cc8:30ff:fece:d8ca/64 scope link
       valid_lft forever preferred_lft forever


I hope the above is valuable and helpful!
 
iface vmbr0 inet static
address 10.10.10.1/24
gateway 192.168.2.1
Click to expand...
Interface IP address and gateway must be in the same network.
So, if you gateway is 192.168.2.1, vmbr0 ip address might be 192.168.2.5/24 for example.
It seems that your CT has no ipv4 address. Maybe it cannot get it from dhcp?
 
remark said:
Interface IP address and gateway must be in the same network.
So, if you gateway is 192.168.2.1, vmbr0 ip address might be 192.168.2.5/24 for example.
It seems that your CT has no ipv4 address. Maybe it cannot get it from dhcp?
Click to expand...
Thanks! You raised a good point, so now my gateway is shown against my physical interface, not the vmbr.
I noticed a few points of difference between: https://pve.proxmox.com/wiki/Networ...ith_tt_span_class_monospaced_iptables_span_tt
and https://forum.proxmox.com/threads/h...n-a-laptop-workstation-with-wifi-wlan.102395/

I've updated my: /etc/network/interfaces from pve-host
Now I get PVE-Host PING with Google with WLAN and LAN.

But the [B]Alpine-container[/B] doesn't ping.
The vmbr0 still gives the status of state DOWN
And, veth0 still gives the status of state LOWERLAYERDOWN

I also tried changing all the iptable routes to the enp0s25 interface with the associated settings. The updated table below is configured on the wlp3s0 interface.

Code: 
auto lo
iface lo inet loopback

auto wlp3s0
iface wlp3s0 inet static
        address 192.168.2.138/24
        gateway 192.168.2.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/wlp3s0/proxy_arp

auto enp0s25
iface enp0s25 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.1/24' -o wlp3s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.1/24' -o wlp3s0 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

My ping results from inside my Container:
Google failed, main router failed, and VE Host failed.
1683713711149.png

Looks like im getting a 192.168.2.xxx IP address:

Code: 
octo:~# ip a && ip r
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: veth0@if5: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 1e:c8:30:ce:d8:ca brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.65/24 brd 192.168.2.255 scope global veth0
       valid_lft forever preferred_lft forever
    inet6 fd55:6228:948d:0:1cc8:30ff:fece:d8ca/64 scope global dynamic flags 100
       valid_lft forever preferred_lft forever
    inet6 fdf8:578b:7a79:6dc5:1cc8:30ff:fece:d8ca/64 scope global dynamic flags 100
       valid_lft 1174sec preferred_lft 1174sec
    inet6 fe80::1cc8:30ff:fece:d8ca/64 scope link
       valid_lft forever preferred_lft forever
default via 192.168.2.1 dev veth0  metric 202
192.168.2.0/24 dev veth0 scope link  src 192.168.2.65

Maybe -- my container settings are incorrect?
1683713546181.png
1683713563883.png
1683713584987.png
 
Last edited:
Now you have 2 interfaces in one network, wlp3s0 and enps25. Is there any special reasons to have that scheme?
Common situation is one interface per one network.
 
remark said:
Now you have 2 interfaces in one network, wlp3s0 and enps25. Is there any special reasons to have that scheme?
Common situation is one interface per one network.
Click to expand...
I had that at the start, maybe one wasn't connected at the time.
One is Wireless LAN (wlp3s0) and the other is Wired LAN (enp0s25).
Typically, I won't use both at the same time, the WLAN will just be a fall back.
Thoughts?

noting - I have updated my earlier reply with more information etc.
 
Usually you should not use two interfaces at the same network.
Disconnect WLAN and and make full working setup using LAN only.
As I can understand, the second interface (WLAN) just confusing you.
 
remark said:
Usually you should not use two interfaces at the same network.
Disconnect WLAN and and make full working setup using LAN only.
As I can understand, the second interface (WLAN) just confusing you.
Click to expand...
Okay - given the current situation and setup, whats the best way to deactivate WLAN and fix the configuration?
 
jezzabell said:
Okay - given the current situation and setup, whats the best way to deactivate WLAN and fix the configuration?
Click to expand...
Just leave WLAN unconfigured at this time. Maybe you will configure it later for some purposes.
Remove
Code: 
auto wlp3s0
from /etc/network/interfaces or comment it out.
Also replace
Code: 
iface wlp3s0 inet static
with
Code: 
iface wlp3s0 inet manual
Next, you have vmbr0 already bridged with you LAN connection. Use vmbr0 as host network interface to provide network for your virtual machines and/or containers. Remember that you must configure network to have ip addresses in the same network unless you have some VLAN confiiguration.

Possible host configuration is:
vmbr0: ip address 192.168.2.XXX/24
gateway is 192.168.2.1 (your router)
dns is 192.168.2.1 (your router) or maybe 8.8.8.8 (check /etc/resolv.conf)
So, you can ping google or everything you want from host.
Also I think you have to remove all 'post-up' and 'post-down' lines, you don't need them. NAT to outside performed by your router. At least, comment these lines out.

Possible VM/CT configuration is:
network bridge vmbr0, ip address is static in 192.168.2.0/24 network or acquired from dhcp. If static, make sure it not crossing with your dhcp range.
gateway is 192.168.2.1 (your router, set manually or get from dhcp)
dns is 192.168.2.1 (your router, set manually or get from dhcp)

Disable, at least for testing, all firewall on Proxmox host including VM and CT firewalls. You protected by your router, unless you have port forward.

Test your network connections from host and VM/CT.
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back