[SOLVED] Hostsystem nicht erreichbar

N

Nirobe

New Member
Nov 3, 2017
9
0
1
28
Hallo alle zusammen,
mir bereitet derzeit ein kleines Problem Kopfzerbrechen. Ich habe einen dedizierten Server bei Hetzner gemietet. Dazu 2 IP-Adressen. Proxmox läuft auf Debian 8. In Proxmox ist eine VM mit einer virtuellen Firewall mit der 2. IP Konfiguriert. Alle weiteren VM's liegen hinter der Firewall-VM. Die 1. IP ist nur für das Proxmox - Webinterface / Management des Hostsystems da.

Das Problem:
Wenn ich das ganze eingerichtet habe, mich ne Weile (zwischen 30 Minuten und 2 Stunden) nicht im Webinterface befinde habe ich plötzlich keinen Zugriff mehr auf das Hostsystem. Ping, SSH, Webinterface sind alle nicht erreichbar. Die VM's incl. der Firewall-VM sind aber alle Online und erreichbar.

Könnt ihr mir da Tipps geben, wo ich das Problem suchen muss / wie ich das beheben kann

Gruß Nirobe
 
Und wennst du dich von einer VM auf das Proxmoxsystem verbindest... das geht dann vermutlich noch? Was tust du denn dann das es wieder geht?
 
Ich hab keine VM mit der es mir möglich wäre auf das Proxmox-System zuzugreifen. Um wieder Zugriff zu haben, muss ich den Server neustarten. Das Problem daran ist, dass der Server nur kurze Zeit ansprechbar ist nach dem ich Ihn neu gestartet habe.
 
Siehts in den Logs zu der Zeit was brauchbares? Also in /var/log/syslog oder "journalctl --help"
 
Auszug aus der daemon.log

Code: 
Nov  3 21:52:57 Yoda systemd[1]: Failed to reset devices.list on /system.slice:                                       Invalid argument
Nov  3 21:52:57 Yoda systemd-sysctl[2743]: Overwriting earlier assignment of net                                      /ipv4/conf/all/rp_filter in file '/usr/lib/sysctl.d/pve-firewall.conf'.
Nov  3 21:52:57 Yoda systemd-sysctl[2765]: Overwriting earlier assignment of net                                      /ipv4/conf/all/rp_filter in file '/usr/lib/sysctl.d/pve-firewall.conf'.
Nov  3 21:52:58 Yoda ntpdate[1948]: sendto(1c.ncomputers.org): Network is unreac                                      hable
Nov  3 21:52:58 Yoda ntpdate[1948]: sendto(2003:a:87f:c37c::1): Network is unrea                                      chable

Ich versuch noch mal auf das System zu kommen und schau dann mal in die syslogs
Danke schon mal für deine Hilfe :)
 
syslog

Code: 
00:16:28 Yoda systemd[1]: Started PVE SPICE Proxy Server.
Nov  4 00:16:28 Yoda systemd[1]: Starting PVE VM Manager...
Nov  4 00:16:28 Yoda ntpdate[1949]: sendto(v6.blazing.de): Network is unreachable
Nov  4 00:16:28 Yoda ntpdate[1949]: sendto(srv2.3c7.de): Network is unreachable
Nov  4 00:16:28 Yoda ntpdate[1949]: sendto(1a.ncomputers.org): Network is unreachable
Nov  4 00:16:29 Yoda pve-manager[2735]: <root@pam> starting task UPID:Yoda:00000AB3:000005EB:59FCF8CD:startall::root@pam:
Nov  4 00:16:29 Yoda pve-manager[2739]: <root@pam> starting task UPID:Yoda:00000AB4:000005ED:59FCF8CD:qmstart:100:root@pam:
Nov  4 00:16:29 Yoda pve-manager[2740]: start VM 100: UPID:Yoda:00000AB4:000005ED:59FCF8CD:qmstart:100:root@pam:
Nov  4 00:16:29 Yoda systemd[1]: Starting qemu.slice.
Nov  4 00:16:29 Yoda systemd[1]: Created slice qemu.slice.
Nov  4 00:16:29 Yoda systemd[1]: Starting 100.scope.
Nov  4 00:16:29 Yoda systemd[1]: Started 100.scope.
Nov  4 00:16:29 Yoda systemd[1]: Failed to reset devices.list on /system.slice: Invalid argument
Nov  4 00:16:29 Yoda systemd-sysctl[2755]: Overwriting earlier assignment of net/ipv4/conf/all/rp_filter in file '/usr/lib/sysctl.d/pve-firewall.conf'.
Nov  4 00:16:29 Yoda kernel: [   16.099702] device tap100i0 entered promiscuous mode
Nov  4 00:16:29 Yoda kernel: [   16.108657] vmbr0: port 2(tap100i0) entered forwarding state
Nov  4 00:16:29 Yoda kernel: [   16.108725] vmbr0: port 2(tap100i0) entered forwarding state
Nov  4 00:16:29 Yoda systemd-sysctl[2776]: Overwriting earlier assignment of net/ipv4/conf/all/rp_filter in file '/usr/lib/sysctl.d/pve-firewall.conf'.
Nov  4 00:16:30 Yoda ntpdate[1949]: sendto(www.heikorichter.name): Network is unreachable
Nov  4 00:16:30 Yoda kernel: [   16.584017] device tap100i1 entered promiscuous mode
Nov  4 00:16:30 Yoda kernel: [   16.592901] vmbr1: port 1(tap100i1) entered forwarding state
Nov  4 00:16:30 Yoda kernel: [   16.592963] vmbr1: port 1(tap100i1) entered forwarding state
Nov  4 00:16:30 Yoda ntpdate[1949]: sendto(v6.blazing.de): Network is unreachable
Nov  4 00:16:30 Yoda ntpdate[1949]: sendto(srv2.3c7.de): Network is unreachable
Nov  4 00:16:30 Yoda ntpdate[1949]: sendto(1a.ncomputers.org): Network is unreachable
Nov  4 00:16:32 Yoda ntpdate[1949]: sendto(www.heikorichter.name): Network is unreachable
Nov  4 00:16:32 Yoda ntpdate[1949]: sendto(v6.blazing.de): Network is unreachable
Nov  4 00:16:32 Yoda ntpdate[1949]: sendto(srv2.3c7.de): Network is unreachable
Nov  4 00:16:32 Yoda ntpdate[1949]: sendto(1a.ncomputers.org): Network is unreachable
Nov  4 00:16:33 Yoda kernel: [   19.612124] kvm: zapping shadow pages for mmio generation wraparound
Nov  4 00:16:33 Yoda kernel: [   19.613526] kvm: zapping shadow pages for mmio generation wraparound
Nov  4 00:16:34 Yoda pve-manager[2739]: <root@pam> starting task UPID:Yoda:00000AEF:000007E2:59FCF8D2:qmstart:101:root@pam:
Nov  4 00:16:34 Yoda pve-manager[2799]: start VM 101: UPID:Yoda:00000AEF:000007E2:59FCF8D2:qmstart:101:root@pam:
Nov  4 00:16:34 Yoda systemd[1]: Starting 101.scope.
Nov  4 00:16:34 Yoda systemd[1]: Started 101.scope.
Nov  4 00:16:34 Yoda systemd-sysctl[2813]: Overwriting earlier assignment of net/ipv4/conf/all/rp_filter in file '/usr/lib/sysctl.d/pve-firewall.conf'.
Nov  4 00:16:34 Yoda kernel: [   20.851674] device tap101i0 entered promiscuous mode
Nov  4 00:16:34 Yoda kernel: [   20.857545] vmbr1: port 2(tap101i0) entered forwarding state
Nov  4 00:16:34 Yoda kernel: [   20.857591] vmbr1: port 2(tap101i0) entered forwarding state
Nov  4 00:16:35 Yoda ntpdate[1949]: step time server 78.46.53.8 offset 0.200899 sec
Nov  4 00:16:35 Yoda systemd[1]: Time has been changed
Nov  4 00:16:36 Yoda systemd[1]: Starting user-0.slice.
Nov  4 00:16:36 Yoda systemd[1]: Created slice user-0.slice.
Nov  4 00:16:36 Yoda systemd[1]: Starting User Manager for UID 0...
Nov  4 00:16:36 Yoda systemd[1]: Starting Session 1 of user root.
Nov  4 00:16:36 Yoda systemd[1]: Started Session 1 of user root.

journalctl

Code: 
Nov 04 00:20:26 Yoda systemd[1]: Failed to reset devices.list on /system.slice: Invalid argument
Nov 04 00:20:26 Yoda systemd-sysctl[2759]: Overwriting earlier assignment of net/ipv4/conf/all/rp_filter in file '/usr
Nov 04 00:20:27 Yoda kernel: device tap100i0 entered promiscuous mode
Nov 04 00:20:27 Yoda kernel: vmbr0: port 2(tap100i0) entered forwarding state
Nov 04 00:20:27 Yoda kernel: vmbr0: port 2(tap100i0) entered forwarding state
Nov 04 00:20:27 Yoda systemd-sysctl[2779]: Overwriting earlier assignment of net/ipv4/conf/all/rp_filter in file '/usr
Nov 04 00:20:27 Yoda ntpdate[1950]: sendto(ntp3.ds.network): Network is unreachable
Nov 04 00:20:27 Yoda ntpdate[1950]: sendto(2406:da18:abd:d700:4fef:14aa:9534:95db): Network is unreachable
Nov 04 00:20:27 Yoda sshd[2713]: Accepted password for root from 77.20.255.153 port 39289 ssh2
Nov 04 00:20:27 Yoda sshd[2713]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 04 00:20:27 Yoda systemd[1]: Starting user-0.slice.
Nov 04 00:20:27 Yoda systemd[1]: Created slice user-0.slice.
Nov 04 00:20:27 Yoda systemd[1]: Starting User Manager for UID 0...
Nov 04 00:20:27 Yoda kernel: device tap100i1 entered promiscuous mode
Nov 04 00:20:27 Yoda kernel: vmbr1: port 1(tap100i1) entered forwarding state
Nov 04 00:20:27 Yoda kernel: vmbr1: port 1(tap100i1) entered forwarding state
Nov 04 00:20:27 Yoda systemd-logind[2474]: New session 1 of user root.
Nov 04 00:20:27 Yoda systemd[2781]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Nov 04 00:20:27 Yoda systemd[1]: Starting Session 1 of user root.
Nov 04 00:20:27 Yoda systemd[1]: Started Session 1 of user root.
Nov 04 00:20:27 Yoda systemd[2781]: Starting Paths.
Nov 04 00:20:27 Yoda systemd[2781]: Reached target Paths.
Nov 04 00:20:27 Yoda systemd[2781]: Starting Timers.
Nov 04 00:20:27 Yoda systemd[2781]: Reached target Timers.
Nov 04 00:20:27 Yoda systemd[2781]: Starting Sockets.
Nov 04 00:20:27 Yoda systemd[2781]: Reached target Sockets.
Nov 04 00:20:27 Yoda systemd[2781]: Starting Basic System.
Nov 04 00:20:27 Yoda systemd[2781]: Reached target Basic System.
Nov 04 00:20:27 Yoda systemd[2781]: Starting Default.
Nov 04 00:20:27 Yoda systemd[2781]: Reached target Default.
Nov 04 00:20:27 Yoda systemd[2781]: Startup finished in 12ms.
Nov 04 00:20:27 Yoda systemd[1]: Started User Manager for UID 0.
Nov 04 00:20:28 Yoda ntpdate[1950]: sendto(ntp.my-rz.de): Network is unreachable
Nov 04 00:20:29 Yoda ntpdate[1950]: sendto(2a01:7e00:e000:1f::123): Network is unreachable
Nov 04 00:20:29 Yoda ntpdate[1950]: sendto(ntp3.ds.network): Network is unreachable
Nov 04 00:20:29 Yoda ntpdate[1950]: sendto(2406:da18:abd:d700:4fef:14aa:9534:95db): Network is unreachable
Nov 04 00:20:30 Yoda ntpdate[1950]: sendto(ntp.my-rz.de): Network is unreachable
Nov 04 00:20:31 Yoda ntpdate[1950]: sendto(2a01:7e00:e000:1f::123): Network is unreachable
Nov 04 00:20:31 Yoda ntpdate[1950]: sendto(ntp3.ds.network): Network is unreachable
Nov 04 00:20:31 Yoda ntpdate[1950]: sendto(2406:da18:abd:d700:4fef:14aa:9534:95db): Network is unreachable
Nov 04 00:20:32 Yoda kernel: kvm: zapping shadow pages for mmio generation wraparound
Nov 04 00:20:32 Yoda kernel: kvm: zapping shadow pages for mmio generation wraparound
Nov 04 00:20:32 Yoda ntpdate[1950]: sendto(ntp.my-rz.de): Network is unreachable
Nov 04 00:20:33 Yoda ntpdate[1950]: sendto(2a01:7e00:e000:1f::123): Network is unreachable
Nov 04 00:20:33 Yoda ntpdate[1950]: sendto(ntp3.ds.network): Network is unreachable
Nov 04 00:20:33 Yoda pve-manager[2743]: <root@pam> starting task UPID:Yoda:00000B02:000008BC:59FCF9C1:qmstart:101:root
Nov 04 00:20:33 Yoda pve-manager[2818]: start VM 101: UPID:Yoda:00000B02:000008BC:59FCF9C1:qmstart:101:root@pam:
Nov 04 00:20:33 Yoda systemd[1]: Starting 101.scope.
Nov 04 00:20:33 Yoda systemd[1]: Started 101.scope.
Nov 04 00:20:33 Yoda systemd-sysctl[2834]: Overwriting earlier assignment of net/ipv4/conf/all/rp_filter in file '/usr
Nov 04 00:20:33 Yoda ntpdate[1950]: sendto(2406:da18:abd:d700:4fef:14aa:9534:95db): Network is unreachable
Nov 04 00:20:33 Yoda kernel: device tap101i0 entered promiscuous mode
Nov 04 00:20:33 Yoda kernel: vmbr1: port 2(tap101i0) entered forwarding state
Nov 04 00:20:33 Yoda kernel: vmbr1: port 2(tap101i0) entered forwarding state
Nov 04 00:20:35 Yoda ntpdate[1950]: step time server 131.188.3.220 offset 0.295212 sec
Nov 04 00:20:35 Yoda systemd[1]: Time has been changed
Nov 04 00:20:35 Yoda systemd[2781]: Time has been changed
Nov 04 00:20:39 Yoda kernel: kvm: zapping shadow pages for mmio generation wraparound
Nov 04 00:20:39 Yoda kernel: kvm: zapping shadow pages for mmio generation wraparound
Nov 04 00:20:39 Yoda pve-manager[2743]: <root@pam> starting task UPID:Yoda:00000B38:00000B15:59FCF9C7:qmstart:102:root
Nov 04 00:20:39 Yoda pve-manager[2872]: start VM 102: UPID:Yoda:00000B38:00000B15:59FCF9C7:qmstart:102:root@pam:
Nov 04 00:20:39 Yoda systemd[1]: Starting 102.scope.
Nov 04 00:20:39 Yoda systemd[1]: Started 102.scope.
Nov 04 00:20:39 Yoda systemd-sysctl[2888]: Overwriting earlier assignment of net/ipv4/conf/all/rp_filter in file '/usr
Nov 04 00:20:40 Yoda kernel: device tap102i0 entered promiscuous mode
Nov 04 00:20:40 Yoda kernel: vmbr1: port 3(tap102i0) entered forwarding state
Nov 04 00:20:40 Yoda kernel: vmbr1: port 3(tap102i0) entered forwarding state
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu0 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu1 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu2 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu3 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu4 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu5 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu6 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu7 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu8 unhandled rdmsr: 0x140
Nov 04 00:20:40 Yoda kernel: kvm [2826]: vcpu9 unhandled rdmsr: 0x140
Nov 04 00:20:27 Yoda sshd[2713]: Accepted password for root from 77.20.255.153 port 39289 ssh2
Nov 04 00:20:27 Yoda sshd[2713]: pam_unix(sshd:session): session opened for user root by (uid=0)
Nov 04 00:20:27 Yoda systemd[1]: Starting user-0.slice.
Nov 04 00:20:27 Yoda systemd[1]: Created slice user-0.slice.
Nov 04 00:20:27 Yoda systemd[1]: Starting User Manager for UID 0...
Nov 04 00:20:27 Yoda kernel: device tap100i1 entered promiscuous mode
Nov 04 00:20:27 Yoda kernel: vmbr1: port 1(tap100i1) entered forwarding state
Nov 04 00:20:27 Yoda kernel: vmbr1: port 1(tap100i1) entered forwarding state
Nov 04 00:20:27 Yoda systemd-logind[2474]: New session 1 of user root.
Nov 04 00:20:27 Yoda systemd[2781]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Nov 04 00:20:27 Yoda systemd[1]: Starting Session 1 of user root.
Nov 04 00:20:27 Yoda systemd[1]: Started Session 1 of user root.
 
Hi,

hast du bei deinem Hoster die Möglichkeit per IPMI / KVM auf deinen Server zuzugreifen?

Ansonsten sieht das hier:
Code: 
Nov 04 00:20:28 Yoda ntpdate[1950]: sendto(ntp.my-rz.de): Network is unreachable
Nov 04 00:20:29 Yoda ntpdate[1950]: sendto(2a01:7e00:e000:1f::123): Network is unreachable
Nov 04 00:20:29 Yoda ntpdate[1950]: sendto(ntp3.ds.network): Network is unreachable
Nov 04 00:20:29 Yoda ntpdate[1950]: sendto(2406:da18:abd:d700:4fef:14aa:9534:95db): Network is unreachable
Nov 04 00:20:30 Yoda ntpdate[1950]: sendto(ntp.my-rz.de): Network is unreachable
Nov 04 00:20:31 Yoda ntpdate[1950]: sendto(2a01:7e00:e000:1f::123): Network is unreachable
Nov 04 00:20:31 Yoda ntpdate[1950]: sendto(ntp3.ds.network): Network is unreachable
Nov 04 00:20:31 Yoda ntpdate[1950]: sendto(2406:da18:abd:d700:4fef:14aa:9534:95db): Network is unreachable

schonmal schlecht aus. Scheint als würde irgendwas mit deiner Netzwerk Konfiguration schieflaufen.
 
Ja ich habe Zugriff auf eine KVM Konsole. Ich versteh nur nicht wieso das passiert. Ich kann Stundenlang dran arbeiten aber sobald ich mich auslogge aus dem Proxmox und nur paar Minuten nicht dran bin, habe ich plötzlich keine Verbindung mehr.
 
Wenn du dann per KVM drauf bist, kannst du Verbindungen nach außen aufbauen? Also ist nur In oder auch der Out traffic betroffen?

Hast du mal geschaut ob irgendwas in iptables steht?
Code: 
iptables -L
Code: 
ip6tables -L
Ist irgendwas wie fail2ban installiert? Was sagt zu dem Zeitpunkt deine Netzwerkkonfiguration? Mal mit "ifconfig / ipaddr" geschaut?

Außerdem kannst du mal mit traceroute spielen:
Code: 
traceroute -n -T -p 22 <server>
 
Es war nicht möglich eine Verbindung nach außen aufzubauen. traceroute kam nicht mal einen schritt raus. Nach den IP-Tables hab ich garnicht geschaut, hatte irgendwie gedacht Proxmox hat da ne eigene Config die da vielleicht rumspielt. es ist kein zusätzliches Programm installiert. Ich werde mir morgen nochmal die KVM beantragen nach den IP-tables schauen und sehen was ifconfig mir sagt
 
Hi,

wenn du hilfe brauchst melde dich einfach bei mir ich kann ggf. auch per Teamviewer drauf schauen. 017672520868 (Am besten erst Whatsapp)

Gruß

Markus
 
  • Like
Reactions: Nirobe
Ok, da der Anwender es leider nicht selber rein schreibt hier die Lösung.
Er hat dem vmbr0 und eth0 (eth0 ist im Verbund mit vmbr0) 2 ips gegeben. Nach ausloggen aus der Web gui konnte sich das System nicht entscheiden für welche ip und Gateway es ist.

Lösung:

Vmbr0 (eth0) eine öffentliche ip mit Gateway
Die virtuelle Firewall Kiste hat dann die 2te öffentliche ip bekommen und zusätzlich noch ein Interface ins vmbr1 für Intern

Vmbr1 ohne ip
Bekommen nur die internen Maschinen. Die dann über die Firewall ins Internet dürfen (nat)

Gruß

Markus
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom