LCX not working on VLAN

[rbrn]

Hi everybody,

I'm quite new to proxmox and networking in general, I really enjoy learning about networking, virtualisation and selfhosting.
I recently set up my pfsense router with a few VLANs and got almost everything is working the way I want. I now want to set up a nextcloud server on a DMZ VLAN I set up, but I can't get it to connect to the internet.

What I've tried so far:

• I've tried a Ubuntu LXC template and a Turnkey-Nextcloud template
• I've tried both DHCP and Static IPs
• I can ping the gateway (pfSense box) from the LXC
• When I remove the VLAN tag I have no issues connecting to the internet
• VMs connected to the same VLAN are working as expected. (I thought it might've been an oversight in my pfSense firewall rules, but based on this that seems to not be the case)

content of etc/network/interfaces/:

auto lo
iface lo inet loopback

iface enp9s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.10/24
        gateway 192.168.10.1
        bridge-ports enp9s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

Do you guys have any idea what I might be missing?

Thanks for your help!

 

[Aminuxer]

- update all at first
- do not modify anywhere in configs not in proxmox, not inside CT
- simply add vlan tag value in web-interface for your LXC-container
- check that your switch configured correctly for pass tagged traffic with corresponding vlan-id
ex. in cisco - check switchport trunk allowed vlan
Must work without problems.

 

[rbrn]

- update all at first
- do not modify anywhere in configs not in proxmox, not inside CT
- simply add vlan tag value in web-interface for your LXC-container
- check that your switch configured correctly for pass tagged traffic with corresponding vlan-id
ex. in cisco - check switchport trunk allowed vlan
Must work without problems.

Thanks for the response, I checked it all but unfortunately it's still not working. It shouldn't have anything to do with the switch-settings, VMs are working correctly and my DHCP-server is assigning the right IP address for the VLAN as well. Everything seems to be working, the only thing that's missing is the internet-connection while on a VLAN.

Do you have any other ideas?

 

[Aminuxer]

Does inter-vlan routing enable on router for corresponding vlan's ?
Check firewall on border / gateway or similar security solution ?

Try install :
- tcpdump on proxmox node (NOT IN VM !!)
- wireshark on workstation

Catch some traffic by tcpdump at node with problem VM/CT.
Copy pcap-file to workstation and open with wireshark; input filter value "vlan" and inspect vlan-tagged traffic.

Also you can mirror traffic from proxmox-node port to SPAN-port on management switch or on gateway router and inspect this.
Check twice firewall rules and network security appliences.

Try create another VM with same VLAN-tag and check connectivity between VM's in your VLAN.

Possibly your subnet in vlan filtered by external firewall.

 

[Elliott Partridge]

Check firewall on border / gateway or similar security solution ?

This is probably it - you need to add a rule in pfSense on vlan interface allowing outbound traffic.

 

[rbrn]

Thanks for your responses, I think I found the issue.

I run a local dns-server which the Proxmox host uses. When creating a container it defaults to using the hosts dns-settings; since the container is on a DMZ it cannot communicate with this server. When creating a virtual machine this issue does not occur because it got its DNS settings from the DHCP-server for the DMZ which uses a public DNS-server.

Changing the DNS-settings to a public DNS-server for the CT fixed the issue.