[SOLVED] Host can't update, but VM's can access internet.

[Jonasmedj]

Hello all!

I've recently launched a proxmox server with 3 VM's. The VM's are the following: RHEL, Windows and OPNsense.

My LAN is on this subnet: 10.0.115.0/24.

My Proxmox host is located on 10.0.115.253.
Proxmox gateways:
WAN: 10.0.115.252
LAN: Nothing.

My RHEL VM is located on 10.0.115.250

Finally my Windows VM is located on 10.0.115.240.

My OPNsense acts as a WAN/LAN firewall, which is also located on 10.0.115.252/24.

The gateways I have on my OPNsense firewall:
LAN: 10.0.115.252
WAN: 10.0.142.1


My issue is that I can't ping neither the firewall (10.0.115.252) or any public DNS servers (1.1.1.1, 8.8.8.8). My DNS servers are correct.

Does anyone have any ideas? I can of course provide more information if needed.

 

[Jonasmedj]

Follow up:

My OPNsense VM is getting a WAN address from DHCP, which is 10.0.142.19, which is routing to 10.0.142.1.

I have 0 clue as to what might be the issue - I can't find the proxmox host in my OPNsense ARP table, I can't ping it or anything. I've tried changing the host gateway to the one shown above, without success.

Also - my VM's can't ping the host and vice versa.

 

[sw-omit]

Posting the config from /etc/network/interfaces might help, but judging just by the above, your issues might be that you put the gateway/IP on the WAN side instead of the LAN side.
Since your router is on the lan side of the network, and your proxmox also has a lan-IP, it will need to also go through your opnsense-VM to reach the internet, or instead it would need it's own, seperate, WAN-IP (and correct gateway), but you probably don't want that.
So it needs to know it needs to use the LAN-port to reach it's own internal lan-switch, to then reach the opnsense.

 

[Jonasmedj]

Posting the config from /etc/network/interfaces might help, but judging just by the above, your issues might be that you put the gateway/IP on the WAN side instead of the LAN side.
Since your router is on the lan side of the network, and your proxmox also has a lan-IP, it will need to also go through your opnsense-VM to reach the internet, or instead it would need it's own, seperate, WAN-IP (and correct gateway), but you probably don't want that.
So it needs to know it needs to use the LAN-port to reach it's own internal lan-switch, to then reach the opnsense.

interfaces configuration (with changes, and yes I did a reboot of everything, individually, twice):

auto lo
iface lo inet loopback

iface eno1 inet manual
#WAN

iface enp5s0 inet manual
#LAN

iface enp6s0 inet manual
#LAN

auto vmbr0
iface vmbr0 inet static
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
#WAN

auto vmbr1
iface vmbr1 inet static
address 10.0.115.253/24
gateway 10.0.115.252
bridge-ports enp5s0 enp6s0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
#LAN

source /etc/network/interfaces.d/*



It should be noted that my network adapters for my OPNsense firewall has VLAN configured as this:
WAN: VLAN 142
LAN: VLAN 820

I still don't have any connection - is it because I need to reconfigure my vmbr1 as vmbr1.820 to allow for the Proxmox host to access that VLAN? (In order to stay available on LAN side of things)

 

[sw-omit]

Since your Proxmox-server is not on a VLAN and the other traffic is, they of course can't talk to eachother.
You'll need to do one of 3 things:

• Put your proxmox-IP on the LAN-VLAN
• Move all LAN to untagged
• Make a untagged third interface on your OPNsense-VM and put a seperate subnet (not vlan) on both that port and proxmox on that subnet.

With the third option all your LAN-devices can then reach the proxmox through the OPNSense-router (if allowed by the firewall.)

 

[Jonasmedj]

Since your Proxmox-server is not on a VLAN and the other traffic is, they of course can't talk to eachother.
You'll need to do one of 3 things:

• Put your proxmox-IP on the LAN-VLAN
• Move all LAN to untagged
• Make a untagged third interface on your OPNsense-VM and put a seperate subnet (not vlan) on both that port and proxmox on that subnet.

With the third option all your LAN-devices can then reach the proxmox through the OPNSense-router (if allowed by the firewall.)

Yeah, I finally realized this, since I'm just over here being a dummy.

But thank you so much for the help anyways, the first response you posted, ended up helping me find the solution!