[SOLVED] Howto get second IP range on second nic

[Forssux]

Hi There,

I would like to have a second IP adres on another range to administer my Proxmox machine.
I have 3 network cards and configuered it like this..

This is my /etc/hosts:

127.0.0.1 localhost.localdomain localhost
192.168.1.5 pve1.lan pve
192.168.1.5 pve1.mydomain.net pve
192.168.40.5 pve40.lan pve40
192.168.40.5 pve40.mydomain.net pve40
# The following lines are desirable for IPv6 capable hosts

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Can somebody please tell me what I'm missing?

 

[dj423]

I don't see anything missing per se, what issues are you having?

 

[Forssux]

So I test from My Android Phone and from within Proxmox.
I have several networks made on my Unifi UDM PRO
I use the new Zone firewall from Unifi
I have a LAN-PAR = 192.168.1.0/24, LAN-KID 192.168.2.0/24, LAN-CAM 192.168.4.0/24, LAN-VM-LXC 192.168.40.0/24 and a LAN-IOT 192.168.66.0/24
At first I want to have the WEB-Gui also on my 192.168.40.7 adres.

From PC 192.168.1.24
I can ping 192.168.40.1
I can ping 192.168.40.10
I can ping 192.168.40.41 (lamp)
I can't ping 192.168.40.7 ( adres of the vmbr1)

From Debian 192.168.40.10
I can ping 192.168.40.1
I can ping 192.168.40.10
I can ping 192.168.40.41 (lamp)
I can't ping 192.168.40.7 ( adres of the vmbr1)

From PVE 192.168.1.5
I can't ping 192.168.40.1
I can't ping 192.168.40.10
I can't ping 192.168.40.41 (lamp)
I can ping 192.168.40.7 ( adres of the vmbr1)
curl -k https://192.168.40.7:8006 gives me a html document

I have no firewall rules configured on my Proxmox datacenter nor on my PVE
I have a Unifi firewall zone rule that states that all trafic can reach 192.168.40.0/24 range with return enabled.


How can I troubleshoot this further?

 

[leesteken]

Your screenshot shown 192.168.40.5 and not 192.168.40.7, but I assume you changed it later?. Also, those are the IP addressed of the Proxmox host (on that vmbr) and not the "IP of the bridge".
I assume that Proxmox host does not have ping allowed by default when the Proxmox firewall is on; that might explain the no ping but a working an HTTPS reply.
There is also a whole sub-forum about networking: https://forum.proxmox.com/forums/proxmox-ve-networking-and-firewall.17/ . And Proxmox uses standard Linux technology for virtual bridges, so other guides on the internet might also apply. You probably need routing rules between the bridges as you can have only one default gateway.

 

[Forssux]

This was set wrong..

 

[Forssux]

Your screenshot shown 192.168.40.5 and not 192.168.40.7, but I assume you changed it later?. Also, those are the IP addressed of the Proxmox host (on that vmbr) and not the "IP of the bridge".
I assume that Proxmox host does not have ping allowed by default when the Proxmox firewall is on; that might explain the no ping but a working an HTTPS reply.
There is also a whole sub-forum about networking: https://forum.proxmox.com/forums/proxmox-ve-networking-and-firewall.17/ . And Proxmox uses standard Linux technology for virtual bridges, so other guides on the internet might also apply. You probably need routing rules between the bridges as you can have only one default gateway.

Indeed I changed from 192.168.40.5 to 192.168.40.7

I thought that the setting Tagged VLAN Management Allow ALL was sufficient. The webpage on 192.168.40.7 now works

 

[dj423]

Whenever I see funky network issues, I always tend to check the basics, and work my way out from the gateway. So 1.1 is your router, so I would start from there. For example can 1.1 ping 40.7, then from 40.7, can it ping the gateway for that segment, can 40.1 ping to 40.7. Also I would check the routes on the pve host with a multi-homed configuration (multiple networks), then run a traceroute from each node to check the route path, and make sure everything looks consistent and that there is a route path ingress/egress from each node - just to confirm the elementary stuff. If 2 nodes can't communicate on the same segment, then that's usually a configuration/firewall issue since no routing is involved. Sounds like you are making progress though..