IPv6 OK but not IPv4

A

alefaut

New Member
Feb 2, 2020
5
1
3
54
Hello,

I just installed Proxmox (6.1-5) on top of a debian buster server (used as DHCP server, DNS server, WEB server, docker host, etc).
I managed to fix some issues (I really should read documentation carrefully) :
  • missing entry in /etc/hosts resulting in ssl certificate not being created
  • missing vmbr0
but I cannot find any documentation or thread related to this one.

When I start a VM, following interfaces are created on the host
Bash: 
80: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
    link/ether c6:9c:0e:15:ab:00 brd ff:ff:ff:ff:ff:ff
81: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether aa:68:91:a4:c3:88 brd ff:ff:ff:ff:ff:ff
82: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 56:b5:a5:f9:25:32 brd ff:ff:ff:ff:ff:ff
83: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether aa:68:91:a4:c3:88 brd ff:ff:ff:ff:ff:ff

The interface on the VM is
Screenshot_2020-02-02 obelix - Proxmox Virtual Environment.png

As a result, I can ping using IPv6 but not IPv4
Screenshot_2020-02-02 obelix - Proxmox Virtual Environment(1).png

Fun fact, the host does not have IPv6, it can ping using IPv4 but not IPv6 :rolleyes:

Here is the vmbr if needed :
Bash: 
67: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:b2:34:98:63:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::ae1f:6bff:fe00:2584/64 scope link
       valid_lft forever preferred_lft forever

The VM is configured to use the VirtIO model, bridge vmbr0

Did I miss something?
 

Attachments

  • Screenshot_2020-02-02 obelix - Proxmox Virtual Environment.png
    Screenshot_2020-02-02 obelix - Proxmox Virtual Environment.png
    17.1 KB · Views: 19
Hi, thanks for the help.

I tried many things since (setting the vmbr on a different network, etc) but no luck.
Here are the information from the host and the VM.
I also added "brctl show" result.

Bash: 
root@host:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface enp0s20f0 inet manual
    network 255.255.255.0

iface enp0s20f1 inet manual

iface enp0s20f2 inet manual

iface enp0s20f3 inet manual

auto vmbr0
iface vmbr0 inet static
    address  192.168.0.2
    netmask  24
    gateway  192.168.0.254
    bridge-ports enp0s20f0
    bridge-stp on
    bridge-fd 0

root@host:~# brctl show
bridge name    bridge id        STP enabled    interfaces
docker0        8000.0242dd6995cf    no        veth8166f5b
                            veth8bfd1d8
                            vethb3d5ed9
fwbr101i0        8000.9a1bd901a68b    yes        fwln101i0
                            tap101i0
vmbr0        8000.6a179ceae219    yes        enp0s20f0
                            fwpr101p0


root@vm:~# cat /etc/network/interfaces
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

allow-hotplug ens18
iface ens18inet6 auto
 
Hello,

Yes,
In splited screen, I ran "tcpdump -i enp0s20f0 -n icmp" and "tcpdump -i vmbr0 -n icmp"
When the ping run, I see packets on vmbr0 but none on enp0s20f0. (same when making a telnet)
Shouldn't packet be seen on enp0s20f0 as it is part of the vmbr0 bridge?
Did I miss something (adding a rule or something)?


Here is the result of qm config:
Code: 
root@obelix:~# qm config 101
bootdisk: scsi0
cores: 1
cpu: host
memory: 1024
name: LAMP
net0: virtio=BE:1E:82:A3:EF:3D,bridge=vmbr0
numa: 0
onboot: 1
ostype: l26
scsi0: local:101/vm-101-disk-0.qcow2,size=10G
scsihw: virtio-scsi-pci
smbios1: uuid=cebcda4c-358c-485e-b67d-a2e38b6a52ae
sockets: 1
vmgenid: d92c059a-1b8d-42dc-810f-277d078b8c7d
 
Hello,

Continuing to discover Proxmox, I have another network issue.

My vmbr0 is still bridged with the physical interface (192.168.0.2) and VM connected to this bridge can connect without issue. (network 192.168.0.0)
I added a new bridge vmbr1 (adress 192.168.1.1), disconnected from physical interface.

VM on network 192.168.1.0 get address using DHCP, can connect to the host IP (192.168.0.2) but cannot go further (cannot ping the gateway 192.168.0.254 nor VM on the 192.168.0.0 network)
Using tcpdump, I see packets on the first bridge (vmbr1) but not on the second one (vmbr0).
I expected packets to sent on the second bridge in order to be NATted, but looks like they are dropped :confused:

Same behaviour when I try from 192.168.0.0 network to ping VM on 192.168.1.0 network, packets arrive on vmbr0 but no one on vmbr1.

interfaces files:
Code: 
auto vmbr0
iface vmbr0 inet static
        address  192.168.0.2
        netmask  24
        gateway  192.168.0.254
        bridge-ports enp0s20f0
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet static
        address  192.168.1.1
        netmask  24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

bridge configuration :
Code: 
115: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ac:1f:6b:00:25:84 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::ae1f:6bff:fe00:2584/64 scope link
       valid_lft forever preferred_lft forever
124: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:f5:57:cd:a8:e6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::484a:19ff:fe16:ab24/64 scope link
       valid_lft forever preferred_lft forever

brctl show:
Code: 
vmbr0           8000.ac1f6b002584       no              enp0s20f0
                                                        tap102i0
vmbr1           8000.56f557cda8e6       no              tap100i0

iptables rules :
Code: 
root@host:~# iptables -t filter -L -nv
Chain INPUT (policy ACCEPT 1506K packets, 169M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 7343 packets, 614K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 3766  316K LOG        all  --  *      *       0.0.0.0/0            192.168.0.254        LOG flags 0 level 4

Chain OUTPUT (policy ACCEPT 1820K packets, 493M bytes)
 pkts bytes target     prot opt in     out     source               destination         
root@host:~# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 5 packets, 393 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 5 packets, 393 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 12 packets, 846 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 12 packets, 846 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 MASQUERADE  all  --  *      vmbr0   192.168.1.0/24       0.0.0.0/0           
root@host:~# iptables -t mangle -L -nv
Chain PREROUTING (policy ACCEPT 1470K packets, 165M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 1463K packets, 164M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 6402 packets, 535K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1769K packets, 480M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1769K packets, 480M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 1126  284K LOG        all  --  *      *       0.0.0.0/0            192.168.0.254        LOG flags 0 level 4

Did I miss something?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom