No connection on VMs

ihaveno

Oct 26, 2024
PVE is on a VirtualBox instance. I try to create a VM or LXC container and neither has a connection, except that it can ping only the PVE instance. I am using a bridge connection. VMs can see each other but can't go outside PVE.


PVE data:

Bash:
root@prm:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 08:00:27:76:ff:74 brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:00:27:76:ff:74 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.11/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe76:ff74/64 scope link
       valid_lft forever preferred_lft forever
4: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 4a:5e:fa:14:7b:0c brd ff:ff:ff:ff:ff:ff
root@prm:~# ip r
default via 192.168.1.1 dev vmbr0 proto kernel onlink
192.168.1.0/24 dev vmbr0 proto kernel scope link src 192.168.1.11
root@prm:~#

VM data:

Bash:
andrew@casa:~$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.12 icmp_seq=1 Destination Host Unreachable
From 192.168.1.12 icmp_seq=2 Destination Host Unreachable
From 192.168.1.12 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.1.1 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3037ms
pipe 3
andrew@casa:~$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug ens18
iface ens18 inet dhcp
andrew@casa:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:c8:b3:c1 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.1.12/24 brd 192.168.1.255 scope global dynamic ens18
       valid_lft 86030sec preferred_lft 86030sec
    inet6 fe80::be24:11ff:fec8:b3c1/64 scope link
       valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:73:2e:58:47 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:73ff:fe2e:5847/64 scope link
       valid_lft forever preferred_lft forever
5: veth3601122@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
    link/ether ee:9e:30:57:f6:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::ec9e:30ff:fe57:f68d/64 scope link
       valid_lft forever preferred_lft forever
andrew@casa:~$ ip r
default via 192.168.1.1 dev ens18
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev ens18 proto kernel scope link src 192.168.1.12
andrew@casa:~$
 
Yes, I had read some posts about a similar issue. On the PVE instance I turned on promiscuous mode "Allow all", enabled IPv4 forwarding, and enabled masquerade in iptables. Any VM can see each other, and can also see PVE instances. But they cannot reach outside.
 
Have you checked the firewall, if enabled? I would check the tcpdump to see where the issue is.
 
I have turned off the firewall in Datacenter, on PVE and on the VMs, but it did not help. I did not go into tcpdump checking.
Now I have changed to NAT on VirtualBox. Made port forwarding through VB Network Manager. Everything is working well.
Thanks for the help. Actually I don't mind whether I will be using NAT or bridge, but the bridge connection on VB left questions open.
 
I came back to the bridged connection, trying to force it to work. This is the PVE instance with IP 192.168.1.11. All firewalls are off, forwarding enabled.

Bash:
root@prm:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination       

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination       

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination       
root@prm:~# pve-firewall status
Status: disabled/running
root@prm:~# cat /proc/sys/net/ipv4/ip_forward
1
root@prm:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 08:00:27:76:ff:74 brd ff:ff:ff:ff:ff:ff
6: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:00:27:76:ff:74 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.11/24 brd 192.168.1.255 scope global dynamic vmbr0
       valid_lft 81110sec preferred_lft 81110sec
    inet6 fe80::a00:27ff:fe76:ff74/64 scope link
       valid_lft forever preferred_lft forever
7: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
    link/ether 0a:c4:f7:0e:04:d9 brd ff:ff:ff:ff:ff:ff
8: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 66:50:0e:99:2b:fb brd ff:ff:ff:ff:ff:ff
9: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether f2:a5:e5:16:3c:4a brd ff:ff:ff:ff:ff:ff
10: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether 66:50:0e:99:2b:fb brd ff:ff:ff:ff:ff:ff
root@prm:~#

Next is the tcpdump output. 192.168.1.12 is the IP of the VM inside Proxmox connected via bridge. I also ran ping 192.168.1.1 on the VM.

Bash:
root@prm:~# tcpdump -i vmbr0 src 192.168.1.12 -c 20
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:44:38.765731 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:39.790189 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:40.813597 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:41.843366 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:42.490205 IP 192.168.1.12.44361 > SOMEDNSSERVER.domain: 20446+ A? 2.debian.pool.ntp.org. (39)
20:44:42.490207 IP 192.168.1.12.44361 > SOMEDNSSERVER.domain: 20955+ AAAA? 2.debian.pool.ntp.org. (39)
20:44:42.648696 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 65, length 64
20:44:43.661614 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 66, length 64
20:44:44.688835 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 67, length 64
20:44:45.709073 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 68, length 64
20:44:46.734008 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 69, length 64
20:44:46.849151 IP 192.168.1.12.38387 > SOMEDNSSERVER.domain: 20446+ A? 2.debian.pool.ntp.org. (39)
20:44:46.849206 IP 192.168.1.12.38387 > SOMEDNSSERVER.domain: 20955+ AAAA? 2.debian.pool.ntp.org. (39)
20:44:47.629094 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:47.759302 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 70, length 64
20:44:48.653979 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:48.781451 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 71, length 64
20:44:49.678342 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:49.805287 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 72, length 64
20:44:50.829258 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20 packets captured
20 packets received by filter
0 packets dropped by kernel
root@prm:~#

Screenshot of the network adapter in VirtualBox. Everything needed is enabled.

VirtualBox_C7vMQ450j9.png
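
Added example (not part of the thread and not the posters' code): the capture above is filtered with `src 192.168.1.12`, so any ARP reply sent by 192.168.1.1 is excluded by the filter itself. The script below summarises ARP requests against replies from a capture taken without a source filter. The function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Summarises ARP resolution seen in
# tcpdump text output: for each "who-has" target, count requests and replies.
# Feed it a capture that is not restricted to one source address, e.g.
#   tcpdump -n -e -i enp0s3 'arp or icmp'
# so that replies coming back from the gateway can appear at all.

arp_summary() {
  awk '
    /ARP, Request who-has/ {
      for (i = 1; i < NF; i++)
        if ($i == "who-has") { target = $(i + 1); asked[target]++ }
    }
    /ARP, Reply/ {
      for (i = 1; i < NF; i++)
        if ($i == "Reply") { replied[$(i + 1)]++ }
    }
    END {
      for (t in asked) {
        n = (t in replied) ? replied[t] : 0
        printf "%s requests=%d replies=%d %s\n", t, asked[t], n,
               (n ? "resolved" : "UNANSWERED")
      }
    }' | LC_ALL=C sort
}

# Constructed sample modelled on the capture in the post above; the request
# and reply for 192.168.1.11 (the PVE host) are added for contrast.
sample_capture() {
  cat <<'EOF'
20:44:38.765731 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:39.790189 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:40.100000 ARP, Request who-has 192.168.1.11 tell 192.168.1.12, length 28
20:44:40.100050 ARP, Reply 192.168.1.11 is-at 08:00:27:76:ff:74, length 28
20:44:40.813597 ARP, Request who-has 192.168.1.1 tell 192.168.1.12, length 28
20:44:42.648696 IP 192.168.1.12 > 192.168.1.1: ICMP echo request, id 9239, seq 65, length 64
EOF
}

sample_capture | arp_summary
```

Running the same summary on captures from both `vmbr0` and `enp0s3` shows whether a reply for the gateway address ever reaches the PVE host or is lost before it.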
 
