Linux Bridge - Linux VMs can connect to internet, Windows VMs can't.

OliPicard

Dec 22, 2021
Hello Proxmox,

I am currently running Proxmox V7.1 and I am struggling to get Windows Virtual Machines to connect to the internet. My Linux Virtual Machines are able to connect via the Linux Bridge I have set up but the Windows Machine still isn't able to. I am not sure why this is happening as I have installed the QEMU guest drivers including the VirtIO Adapters. I have gone into Device Manager to confirm they have been installed. I have tried the Intel driver as well but I have had no luck. The only way to get machines to talk to the outside world is to deploy Linux virtual machines. The Linux and Windows VMs share the same DNS server. I have followed the Proxmox guides for Windows Server 2016 deployment. I have done everything I can on my side as far as I can see.

In short:
Linux VMs = Able to connect to the internet.
Windows VMs = Able to connect to local network but not the internet. VirtIO drivers used. Tried pinging the DNS server but it is unresponsive.

Same gateway, same DHCP server, same bridge, with two different outcomes.

Looking forward to your input.

Oli
 
This is my interface config

Code:
auto lo
iface lo inet loopback

auto enp34s0
iface enp34s0 inet static
        address xx.xx.x.x/26 (the main server IP)
        gateway xx.xx.x.xx (gateway server from Hetzner)
        pointopoint xx.xx.x.xx (gateway server from Hetzner)

auto vmbr0
iface vmbr0 inet static
        address xx.xx.x.x/26 (the main server IP)
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge_maxwait 0

auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge_maxwait 0
        post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp34s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp34s0 -j MASQUERADE
 
I have updated my config. Still having issues with Windows VMs. I have installed all the VirtIO drivers. DHCP is leasing an address and giving the DNS details to the Windows VM.

Bash:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp34s0
iface enp34s0 inet static
        address SERVER IP/26
        gateway GATEWAY IP
        pointopoint GATEWAY IP
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/enp34s0/proxy_arp

auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp34s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp34s0 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

Here is the VM config
Code:
agent: 1,type=virtio
bios: ovmf
boot: order=ide2;ide0
cores: 4
efidisk0: local:106/vm-106-disk-1.qcow2,efitype=4m,pre-enrolled-keys=1,size=528K
ide0: local:106/vm-106-disk-0.qcow2,size=300G
ide1: local:iso/virtio-win-0.1.208.iso,media=cdrom,size=543390K
ide2: local:iso/Win10_21H2_English_x64.iso,media=cdrom
machine: pc-i440fx-6.1
memory: 16000
meta: creation-qemu=6.1.0,ctime=1640124316
name: Windows10Lab
net0: virtio=A6:77:5C:B9:D7:6F,bridge=vmbr1,rate=0
numa: 0
ostype: win10
scsihw: virtio-scsi-pci
smbios1: uuid=4628239f-570f-4c36-ab06-6950558ba8c7
sockets: 1
tablet: 1
tpmstate0: local:106/vm-106-disk-2.raw,size=4M,version=v2.0
vga: virtio
vmgenid: 25887449-26ba-4cab-9406-bf17827211b1
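
A check for an interfaces file like the one posted above, as an added example that is not part of the original post: every `post-up` iptables rule should have a `post-down` delete with the identical rule spec, otherwise NAT or conntrack rules are left behind (or the delete fails) when the bridge goes down. The function names and the sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): report iptables rules in an
# ifupdown file whose post-up add (-A/-I) has no matching post-down delete
# (-D), or the reverse. Rules are compared by table, chain and match spec.
# Assumption: -I is used without a rule number, as in the thread's config.
unpaired_rules() {
    awk '
    ($1 == "post-up" || $1 == "post-down") && $2 == "iptables" {
        hook = $1; op = ""; spec = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-A" || $i == "-I" || $i == "-D") { op = $i; continue }
            spec = (spec == "" ? $i : spec " " $i)
        }
        if (hook == "post-up" && (op == "-A" || op == "-I")) up[spec]++
        else if (hook == "post-down" && op == "-D") down[spec]++
    }
    END {
        for (s in up)   if (!(s in down)) print "no post-down for: " s
        for (s in down) if (!(s in up))   print "no post-up for: " s
    }' "${1:--}" | sort
}

# Constructed sample modelled on the vmbr1 stanza; the last post-down is
# deliberately left without its zone number so the check has something to find.
sample_interfaces() {
    cat <<'EOF'
auto vmbr1
iface vmbr1 inet static
        address 10.10.10.1/24
        bridge-ports none
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp34s0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp34s0 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone
EOF
}

# Reads stdin here; pass a path instead to check a real file,
# e.g. unpaired_rules /etc/network/interfaces
sample_interfaces | unpaired_rules
```

An empty result means every rule added on bridge-up is removed on bridge-down.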
 
Not sure if I pointed this out but I am hosting the server with Hetzner. Proxmox is v7.1 and I have noticed some people are mentioning issues with Windows VMs and the way Hetzner filters MAC addresses with IP. I am wondering if this is what is causing the Windows VMs not to access the net but the Linux ones can... it's strange!
 
Right. I figured it out... so.... Hetzner has its own stateful firewall which is enabled by default. Fun fact about the Hetzner firewall... it also blocks outbound traffic... I am now asking Hetzner for help to identify a way to fix this and once I have found out how from them I'll update this post in case others get stuck. The good news is that if Hetzner's firewall can't do it we can set up a software firewall on the server. I'll provide a step-by-step guide for this on this post once I've done it so if others get to this point and struggle they have something to work with.
 
