Issue with multiple network cards / subnets and venet

svendsen

Renowned Member
Apr 18, 2012
Hi Guys,

I have a funny issue which I think might be easy to solve, but I haven't found a solution yet.
My Proxmox server has 2 NICs. One goes in NET1 and the second in NET2.
The reason is that some VMs shall have network in INET2 and others in NET2.

Let's say NET1 is 192.168.0.0 network and NET2 is 192.168.10.0.

Proxmox has address vmbr0 192.168.10.10 and vmbr1 192.168.0.10.

Everything is set up and is actually working... BUT:

OpenVZ VMs on NET2 are not accessible from NET1. From other subnets or from outside/WAN everything works well.
(I have not checked accessibility from NET2 to NET1 yet)

If I try to traceroute an OpenVZ VM on NET2 (e.g. 192.168.10.20) from a machine on NET1 (192.168.0.0), I get:

192.168.0.1 (firewall)
192.168.0.10 (Proxmox.. but on NET1!)
192.168.10.20

NET1 to NET1 and NET2 to NET2 work fine! And note that I explicitly write OpenVZ... with KVM VMs there are no issues. So it must be a routing/NAT issue with venet?

Any clues? :)
 
# ip route
172.16.0.19 dev venet0 scope link
172.16.0.17 dev venet0 scope link
172.16.0.15 dev venet0 scope link
192.168.1.0/24 dev vmbr1 proto kernel scope link src 192.168.1.10
172.16.0.0/24 dev vmbr0 proto kernel scope link src 172.16.0.10
default via 172.16.0.1 dev vmbr0

# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination


So, from a computer on the 172.16.0.0 network I can ping everything fine. But from the 192.168.0.0 network I cannot ping the OpenVZ machines (which are on the 172.16.0.0 network).
On the same server I have KVM VMs on both networks. I can ping those fine.
 
Note: When I write "ping" I actually also mean connection, e.g. to a web server inside OpenVZ.
 
What is that firewall you mention in the traceroute? Is it a VM and you route everything through it? On the same subnet?
 
It's a Zyxel firewall. It only routes between subnets. (between 172.16.0.0 and 192.168.0.0)

So if I traceroute from 192.168.0.12 to an OpenVZ on 172.16.0.20, the path is like this:

192.168.0.1 (firewall)
192.168.0.10 (Proxmox.. but on wrong subnet!)
172.16.0.20

As I wrote - it's only an issue with OpenVZ. KVMs are working fine. So it must be related to venet interfaces.
 
