Hi everybody,
I've been running Proxmox for several years without any issue. The machine has 6 NICs. One of them is WAN and another one is LAN.
This is the network layout ( [] = Device/Machine, () = Network):
(Internet) <--> [WIFI-Router w/ Modem] <--> (DMZ) <--> [Proxmox: [WAN] <--> OPNSense <--> [LAN]] <--> (internal Network)
On our WIFI-Router the Proxmox (WAN connection) is set as exposed host, which means all incoming traffic will go to the WAN of Proxmox (respectively OPNSense).
For about 3 weeks I have noticed that access from outside is not working anymore. Internet usage from the internal network is working well, but I cannot access from outside, not even from the DMZ network. I found out that Proxmox is not letting in any connection from outside and the firewall log from outside is quiet (usually it is full of unwanted requests). I dunno what changed some weeks ago because I don't remember any changes I made.
I can connect to Proxmox (SSH and PVE-Webconsole) and I can access OPNSense from the internal network without any issue.
Here are my configurations.
PVE-Version: 7.4-3
/etc/network/interfaces
Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
auto lo
iface lo inet loopback
iface enp1s0 inet manual
iface enp2s0 inet manual
iface enp3s0 inet manual
iface enp4s0 inet manual
iface enp5s0 inet manual
iface enp6s0 inet manual
auto vmbr6
iface vmbr6 inet manual
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0
#WAN
auto vmbr1
iface vmbr1 inet static
        address 192.168.20.2/24
        gateway 192.168.20.1
        bridge-ports enp6s0
        bridge-stp off
        bridge-fd 0
#LAN
'ip address' (shortened and masked):
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr6 state UP group default qlen 1000
    link/ether 00:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
...
(enp2s0 - enp5s0 not used)
...
7: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
    link/ether 00:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
...
8: vmbr6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet6 2a02:xxxx:xxx:xxxx:xxx:xxxx:xxxx:xxxx/64 scope global dynamic mngtmpaddr
       valid_lft 6757sec preferred_lft 3157sec
    inet6 fe80::xxx:xxxx:xxxx:xxxx/64 scope link
       valid_lft forever preferred_lft forever
9: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.2/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::xxx:xxxx:xxxx:xxxx/64 scope link
       valid_lft forever preferred_lft forever
...
VM-OPNSense:
Code:
OPNSense LAN = vmbr1 192.168.20.1
OPNSense WAN = vmbr6 192.168.30.20
There is no IP conflict in the DMZ (double-checked with ARP).
Do you have any idea/hint how to troubleshoot?
Best regards
Floh