[SOLVED] Host can't update, but VM's can access internet.

J

Jonasmedj

New Member
Sep 10, 2024
4
0
1
Hello all!

I've recently launched a proxmox server with 3 VM's. The VM's are the following: RHEL, Windows and OPNsense.

My LAN is on this subnet: 10.0.115.0/24.

My Proxmox host is located on 10.0.115.253.
Proxmox gateways:
WAN: 10.0.115.252
LAN: Nothing.

My RHEL VM is located on 10.0.115.250

Finally my Windows VM is located on 10.0.115.240.

My OPNsense acts as a WAN/LAN firewall, which is also located on 10.0.115.252/24.

The gateways I have on my OPNsense firewall:
LAN: 10.0.115.252
WAN: 10.0.142.1


My issue is that I can't ping neither the firewall (10.0.115.252) or any public DNS servers (1.1.1.1, 8.8.8.8). My DNS servers are correct.

Does anyone have any ideas? I can of course provide more information if needed.
 
Follow up:

My OPNsense VM is getting a WAN address from DHCP, which is 10.0.142.19, which is routing to 10.0.142.1.

I have 0 clue as to what might be the issue - I can't find the proxmox host in my OPNsense ARP table, I can't ping it or anything. I've tried changing the host gateway to the one shown above, without success.

Also - my VM's can't ping the host and vice versa.
 
Last edited:
Posting the config from /etc/network/interfaces might help, but judging just by the above, your issues might be that you put the gateway/IP on the WAN side instead of the LAN side.
Since your router is on the lan side of the network, and your proxmox also has a lan-IP, it will need to also go through your opnsense-VM to reach the internet, or instead it would need it's own, seperate, WAN-IP (and correct gateway), but you probably don't want that.
So it needs to know it needs to use the LAN-port to reach it's own internal lan-switch, to then reach the opnsense.
 
  • Like
Reactions: Jonasmedj
sw-omit said:
Posting the config from /etc/network/interfaces might help, but judging just by the above, your issues might be that you put the gateway/IP on the WAN side instead of the LAN side.
Since your router is on the lan side of the network, and your proxmox also has a lan-IP, it will need to also go through your opnsense-VM to reach the internet, or instead it would need it's own, seperate, WAN-IP (and correct gateway), but you probably don't want that.
So it needs to know it needs to use the LAN-port to reach it's own internal lan-switch, to then reach the opnsense.
Click to expand...
interfaces configuration (with changes, and yes I did a reboot of everything, individually, twice):

auto lo
iface lo inet loopback

iface eno1 inet manual
#WAN

iface enp5s0 inet manual
#LAN

iface enp6s0 inet manual
#LAN

auto vmbr0
iface vmbr0 inet static
bridge-ports eno1
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
#WAN

auto vmbr1
iface vmbr1 inet static
address 10.0.115.253/24
gateway 10.0.115.252
bridge-ports enp5s0 enp6s0
bridge-stp off
bridge-fd 0
bridge-vlan-aware yes
bridge-vids 2-4094
#LAN

source /etc/network/interfaces.d/*



It should be noted that my network adapters for my OPNsense firewall has VLAN configured as this:
WAN: VLAN 142
LAN: VLAN 820

I still don't have any connection - is it because I need to reconfigure my vmbr1 as vmbr1.820 to allow for the Proxmox host to access that VLAN? (In order to stay available on LAN side of things)
 
Last edited:
Since your Proxmox-server is not on a VLAN and the other traffic is, they of course can't talk to eachother.
You'll need to do one of 3 things:
  • Put your proxmox-IP on the LAN-VLAN
  • Move all LAN to untagged
  • Make a untagged third interface on your OPNsense-VM and put a seperate subnet (not vlan) on both that port and proxmox on that subnet.
With the third option all your LAN-devices can then reach the proxmox through the OPNSense-router (if allowed by the firewall.)
 
sw-omit said:
Since your Proxmox-server is not on a VLAN and the other traffic is, they of course can't talk to eachother.
You'll need to do one of 3 things:
  • Put your proxmox-IP on the LAN-VLAN
  • Move all LAN to untagged
  • Make a untagged third interface on your OPNsense-VM and put a seperate subnet (not vlan) on both that port and proxmox on that subnet.
With the third option all your LAN-devices can then reach the proxmox through the OPNSense-router (if allowed by the firewall.)
Click to expand...
Yeah, I finally realized this, since I'm just over here being a dummy.

But thank you so much for the help anyways, the first response you posted, ended up helping me find the solution!
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom