host and internet cant reach vms

[mosalam]

the host on hetzner.com & internet cant reach the vms
vms can reach host & internet perfectly

host configuration :

interface:
auto enp4s0
iface enp4s0 inet static
address 46.4.103.25/27
gateway 46.4.103.1
pointopoint 46.4.103.1

auto vmbr0
iface vmbr0 inet static
address 178.63.195.96/28
bridge-ports none
bridge-stp off
bridge-fd 0
-----------------------------------------------------------
root@prox2:~# ip route
default via 46.4.103.1 dev enp4s0 onlink
46.4.103.1 dev enp4s0 proto kernel scope link src 46.4.103.25
178.63.195.96/28 dev vmbr0 proto kernel scope link src 178.63.195.96
-----------------------------------------------------------------------------------------------------------
/etc/sysctl.conf :

net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.icmp_echo_ignore_broadcasts=1
-----------------------------------------------------------------------------------------------------------

what is wrong?
thanks.

 

[wolfgang]

Hi,

this is not Proxmox VE related, please consult the Hetzner Wiki or ask the support.

 

[mosalam]

here is their reply:

Dear Client,

As requetsed, we have checked the IP-addresses of your server brielfy from our side and everything is working properly:
---------------------------------------
# mtr -nrc2 46.4.103.25
Start: 2020-10-31T20:46:25+0100
HOST: Support-Hetzner Loss% Snt Last Avg Best Wrst StDev
2.|-- 88.198.139.62 0.0% 2 0.4 0.5 0.4 0.6 0.2
3.|-- 213.239.245.97 50.0% 2 2.0 2.0 2.0 2.0 0.0
4.|-- 213.239.229.118 0.0% 2 1.9 1.2 0.5 1.9 0.9
5.|-- 46.4.103.25 0.0% 2 0.6 0.7 0.6 0.7 0.0
Outbound test was successful.

 

[mosalam]

where I could found someone to solve this issue for me, of course I will pay, but not much because i am doing this project to learn.

 

[wolfgang]

We do no configuration.
here are some Hezner docs that show examples of networking.
https://docs.hetzner.com/de/cloud/servers/static-configuration
https://dominicpratt.de/hetzner-proxmox-network-configuration/

 

[mosalam]

thanks for your support, but I need to explain that: I already read all the manuals and tutorials, and I applied it perfectly, and the proof is : everything is working.
all the problems now that the connections to the additional ips are interruptable, sometimes it's working sometimes it's not.
and from my logical point of view it is hard to be misconfiguration that causing this issue.
if you had any extra ideas please feedback me.

one more question, if I buy proxmox Subscription would it help me in this case?

thanks again.

 

[vikozo]

... sometimes it's working sometimes it's not....
check if all your IP's are set correct with subnetmask and Gateway

 

[mosalam]

... sometimes it's working sometimes it's not....
check if all your IP's are set correct with subnetmask and Gateway

all ips are set automatically through DHCP.
all ips on VM are pingable.
all VMS can go to the internet fast and stable.

do you have any other ideas?

 

[vikozo]

have you setup your Firewall? with NAT?
did you teach your DNS Server about your server and name?

 

[mosalam]

have you setup your Firewall? with NAT?
did you teach your DNS Server about your server and name?

I am using routed configuration, as they described in hetzner manuals.
no need to set a firewall or nat as I guess.

and if it was a firewall issue it wouldn't ping at all.

 

[wolfgang]

one more question, if I buy proxmox Subscription would it help me in this case?

I'm sorry but network configuration is out of scope.
So no it would help nothing.

The problem is that hetzner delivers you packages to your mac of the nic enp4s0.
Hat this point you need a routed setup[1] to deliver the packages to the corresponding VM.

1.) https://pve.proxmox.com/wiki/Network_Configuration#_routed_configuration

 

[mosalam]

The problem is that hetzner delivers you packages to your mac of the nic enp4s0.
Hat this point you need a routed setup[1] to deliver the packages to the corresponding VM.

and that what I am doing exactly, if you look at these pics you will get what i mean :

 

[wolfgang]

Corresponding to your network configuration on top you have no routing enabled.
It is normal that you can ping the bridge but not the nic.

This is missing on your nic configuration

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp

 

[mosalam]

I applied this but still the same :

 

[mosalam]

problem solved, I paid money for a tech guy who is trickier than hetzner and he solves this for me , i will write full report case with that in two or more days. but for now, simply he did that configuration to the interfaces :



auto enp4s0
iface enp4s0 inet static
address 46.4.103.25/27
gateway 46.4.103.1
pointopoint 46.4.103.1

auto vmbr0
iface vmbr0 inet manual
address 46.4.103.25/27
bridge-ports none
bridge-stp off
bridge-fd 0
up ip route add 178.63.195.96/28 dev vmbr0

auto vmbr0:0
iface vmbr0:0 inet static
address 178.63.195.96
netmask 255.255.255.255

 

[ozgurerdogan]

I have it same but still can not have vm reach internet. What is your vms ip config ?

My node is:
auto lo
iface lo inet loopback

auto enp35s0
iface enp35s0 inet static
address 135.181.117.227/27
gateway 135.181.117.193
pointopoint 135.181.117.193

auto vmbr0
iface vmbr0 inet manual
address 135.181.117.227/27
bridge-ports none
bridge-stp off
bridge-fd 0
up ip route add 135.181.125.191/28 dev vmbr0


auto vmbr1
iface vmbr1 inet static
address 135.181.125.191
netmask 255.255.255.255

 

[ozgurerdogan]

Same config work fine in server in Germany but not with server in Helsinki.

 

[mosalam]

Same config work fine in server in Germany but not with server in Helsinki.

the same happens to me:
I got this idea today :
the first server in FSN1-DC7 was working fine, without any interference from me it was working by the default routed configuration. and everything is good, fine, and smooth.

the second server in FSN1-DC5, it didn't work unless I typed the configuration above, i guess its a firewall issue in Germany,

or the server needs someone who really understands the operating system and routing.

or simply the most reasonable idea is: the servers in Germany are cursed and the servers in other locations are blessed.

 

[ozgurerdogan]

Ok after spending a day, I found a stable network setting. So it might help some one else:
On a fresh install of Pve 6, /etc/network/interface :

auto lo
iface lo inet loopback

iface enp35s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 135.181.117.227 # Main Ip
    netmask 255.255.255.192 # Main Subnet
    gateway 135.181.117.193 # Main Ip Gateway
    bridge-ports enp35s0
    bridge-stp off
    bridge-fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward



auto vmbr1
iface vmbr1 inet static
    address 135.181.125.191 # Aditional ip broadcast
    bridge-ports none
    bridge-stp off
    bridge-fd 0
    hwaddress ether a8:a1:59:36:6b:d2 # Mac of node to fix windows vm create a new network on eash startup..
    up route add -net 135.181.125.176 netmask 255.255.255.240 dev vmbr1 # 135.181.125.176/28 - Additional Ip subnet as seen in robot of Hetzner

So nothing else needs to be edited. This took me a day Weird thing is, I also have a server in Germany of Hetzner which did not need hwaddress ether and up route.