No response from service running in a VM

I

ihr

Member
Dec 25, 2022
32
2
8
Hi,

I've installed proxmox 7.3-3 recently for testing purposes and managed to create a VM running Alpine Linux. Also I installed mosquitto server on the Alpine and managed also to configure the firewall so connection could (in theory) be stablished. But it doesn't work.

What I did: I installed tcpdump to debug the connection at low level. Here is the output on the Alpine Linux. AFAICS the requests for connection arrives and it is answered properly:

Code: 
13:28:07.520385 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009292 ecr 0,sackOK,eol], length 0
13:28:07.520409 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 68264466, win 0, length 0
13:28:07.621499 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009393 ecr 0,sackOK,eol], length 0
13:28:07.621508 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:07.722230 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009494 ecr 0,sackOK,eol], length 0
13:28:07.722238 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:07.822371 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009594 ecr 0,sackOK,eol], length 0
13:28:07.822379 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:07.923394 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009695 ecr 0,sackOK,eol], length 0
13:28:07.923403 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:08.023766 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009795 ecr 0,sackOK,eol], length 0
13:28:08.023775 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:08.224459 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009996 ecr 0,sackOK,eol], length 0
13:28:08.224468 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:08.625045 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191010396 ecr 0,sackOK,eol], length 0
13:28:08.625060 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:09.425518 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191011197 ecr 0,sackOK,eol], length 0
13:28:09.425530 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:11.026077 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191012797 ecr 0,sackOK,eol], length 0
13:28:11.026113 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:14.225786 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,sackOK,eol], length 0
13:28:14.225810 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0

Now this is what I see at the server running proxmox:
Code: 
13:28:10.045563 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009292 ecr 0,sackOK,eol], length 0
13:28:10.146702 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009393 ecr 0,sackOK,eol], length 0
13:28:10.247417 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009494 ecr 0,sackOK,eol], length 0
13:28:10.347556 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009594 ecr 0,sackOK,eol], length 0
13:28:10.448599 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009695 ecr 0,sackOK,eol], length 0
13:28:10.548972 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009795 ecr 0,sackOK,eol], length 0
13:28:10.749629 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009996 ecr 0,sackOK,eol], length 0
13:28:11.150232 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191010396 ecr 0,sackOK,eol], length 0
13:28:11.950691 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191011197 ecr 0,sackOK,eol], length 0
13:28:13.551294 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191012797 ecr 0,sackOK,eol], length 0
13:28:16.750914 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,sackOK,eol], length 0

It looks like only the requests are forwarded in to the VM but the responses are drop

The firewall rule is defined as follows:
Window.png

Output Policy is set to "ACCEPT"

I should be missing something but I don't know what!

Thank you for your help!
 
Last edited:
ihr said:
Hi,

I've installed proxmox 7.3-3 recently for testing purposes and managed to create a VM running Alpine Linux. Also I installed mosquitto server on the Alpine and managed also to configure the firewall so connection could (in theory) be stablished. But it doesn't work.

What I did: I installed tcpdump to debug the connection at low level. Here is the output on the Alpine Linux. AFAICS the requests for connection arrives and it is answered properly:

Code: 
13:28:07.520385 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009292 ecr 0,sackOK,eol], length 0
13:28:07.520409 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 68264466, win 0, length 0
13:28:07.621499 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009393 ecr 0,sackOK,eol], length 0
13:28:07.621508 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:07.722230 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009494 ecr 0,sackOK,eol], length 0
13:28:07.722238 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:07.822371 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009594 ecr 0,sackOK,eol], length 0
13:28:07.822379 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:07.923394 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009695 ecr 0,sackOK,eol], length 0
13:28:07.923403 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:08.023766 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009795 ecr 0,sackOK,eol], length 0
13:28:08.023775 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:08.224459 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009996 ecr 0,sackOK,eol], length 0
13:28:08.224468 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:08.625045 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191010396 ecr 0,sackOK,eol], length 0
13:28:08.625060 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:09.425518 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191011197 ecr 0,sackOK,eol], length 0
13:28:09.425530 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:11.026077 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191012797 ecr 0,sackOK,eol], length 0
13:28:11.026113 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0
13:28:14.225786 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,sackOK,eol], length 0
13:28:14.225810 IP mqtt.chiton.1883 > 192.168.1.196.53197: Flags [R.], seq 0, ack 1, win 0, length 0

Now this is what I see at the server running proxmox:
Code: 
13:28:10.045563 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009292 ecr 0,sackOK,eol], length 0
13:28:10.146702 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009393 ecr 0,sackOK,eol], length 0
13:28:10.247417 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009494 ecr 0,sackOK,eol], length 0
13:28:10.347556 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009594 ecr 0,sackOK,eol], length 0
13:28:10.448599 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009695 ecr 0,sackOK,eol], length 0
13:28:10.548972 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009795 ecr 0,sackOK,eol], length 0
13:28:10.749629 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191009996 ecr 0,sackOK,eol], length 0
13:28:11.150232 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191010396 ecr 0,sackOK,eol], length 0
13:28:11.950691 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191011197 ecr 0,sackOK,eol], length 0
13:28:13.551294 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3191012797 ecr 0,sackOK,eol], length 0
13:28:16.750914 IP 192.168.1.196.53197 > mqtt.chiton.1883: Flags [S], seq 68264465, win 65535, options [mss 1460,sackOK,eol], length 0

It looks like only the requests are forwarded in to the VM but the responses are drop

The firewall rule is defined as follows:
View attachment 44831

Output Policy is set to "ACCEPT"

I should be missing something but I don't know what!

Thank you for your help!
Click to expand...
If not checked already whether it works without active firewall do it since also other wrong network configuration can be the cause. Then have a look at generated iptables in the host by running
Code: 
iptables-save
in order to see if the rules had been generated as expected.
 
Thank you @Richard for your response!

Yes, I follow your suggestions and finally arrived to the conclusion that it was a problem with mosquitto configuration file.
It is worth commenting here so others can comment and/or apply the same fix.

Using netstat -an | grep LISTEN I discovered that mosquitto started a listener on "::" address and port 1883.
I tried to connect to the mosquitto VM ussing the ipv4 address but the listener was listening on the ipv6 address.

The solution was to modify the /etc/mosquitto/mosquitto.conf file to explicitly create a listener on the ipv4 address 0.0.0.0 and port 1883. Now it works.

I'm not sure if there are other solutions in the guest Op System or Proxmox that might result in the default mosquitto to listen to ipv4 address without removing the ipv6 stack.

Regards
Ignacio
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom