No VM or CT network access after firewall

RadOD

New Member
Sep 17, 2021
2
0
1
58
I got started with Proxmox relatively recently but I've set up a number of containers and vm's that had been working ok. But a Debian VM I was using for syncthing was transferring consistently but slowly on LAN. I could not connect to the VM's syncthing webpage from outside the container so I started up the firewall from datacenter to node to vm's to see if I could port forward. All I had done was to set up a few simple allow rules but nothing was going in or out. I gradually kept adding more 'allow' rules but couldn't even get DHCP to work and no data if IP was manually set.

Giving up for now, I turned firewall off - again at each and every level, including but firewall options and the option under the virtio device - and still not one vm can connect to anything! I restarted vm's and rebooted the host with no luck.

Host:
Code:
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 70:85:c2:5f:fc:04 brd ff:ff:ff:ff:ff:ff
3: enp6s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 70:85:c2:5f:fc:02 brd ff:ff:ff:ff:ff:ff
4: enp10s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether a0:36:9f:3f:d8:1c brd ff:ff:ff:ff:ff:ff
5: enp10s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether a0:36:9f:3f:d8:1e brd ff:ff:ff:ff:ff:ff
6: wlp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether f8:94:c2:ff:02:b2 brd ff:ff:ff:ff:ff:ff
7: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a0:36:9f:3f:d8:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::a236:9fff:fe3f:d81c/64 scope link
       valid_lft forever preferred_lft forever
48: veth203i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr203i0 state UP group default qlen 1000
    link/ether fe:12:58:a8:8f:b0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
49: fwbr203i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:9f:84:60:7a:a4 brd ff:ff:ff:ff:ff:ff
50: fwpr203p0@fwln203i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 36:ec:d4:64:3b:43 brd ff:ff:ff:ff:ff:ff
51: fwln203i0@fwpr203p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr203i0 state UP group default qlen 1000
    link/ether 3e:af:71:02:82:05 brd ff:ff:ff:ff:ff:ff
52: tap107i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether b2:53:5b:e4:ee:72 brd ff:ff:ff:ff:ff:ff
53: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether a2:ae:24:61:e3:77 brd ff:ff:ff:ff:ff:ff

Code:
ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 70:85:c2:5f:fc:04 brd ff:ff:ff:ff:ff:ff
3: enp6s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 70:85:c2:5f:fc:02 brd ff:ff:ff:ff:ff:ff
4: enp10s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether a0:36:9f:3f:d8:1c brd ff:ff:ff:ff:ff:ff
5: enp10s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether a0:36:9f:3f:d8:1e brd ff:ff:ff:ff:ff:ff
6: wlp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether f8:94:c2:ff:02:b2 brd ff:ff:ff:ff:ff:ff
7: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether a0:36:9f:3f:d8:1c brd ff:ff:ff:ff:ff:ff
48: veth203i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr203i0 state UP mode DEFAULT group default qlen 1000
    link/ether fe:12:58:a8:8f:b0 brd ff:ff:ff:ff:ff:ff link-netnsid 0
49: fwbr203i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 16:9f:84:60:7a:a4 brd ff:ff:ff:ff:ff:ff
50: fwpr203p0@fwln203i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether 36:ec:d4:64:3b:43 brd ff:ff:ff:ff:ff:ff
51: fwln203i0@fwpr203p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr203i0 state UP mode DEFAULT group default qlen 1000
    link/ether 3e:af:71:02:82:05 brd ff:ff:ff:ff:ff:ff
52: tap107i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether b2:53:5b:e4:ee:72 brd ff:ff:ff:ff:ff:ff
53: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether a2:ae:24:61:e3:77 brd ff:ff:ff:ff:ff:ff

Code:
cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp10s0f0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.20/24
    gateway 192.168.1.1
    bridge-ports enp10s0f0
    bridge-stp off
    bridge-fd 0

iface enp4s0 inet manual

iface enp6s0 inet manual

iface enp10s0f1 inet manual

iface wlp5s0 inet manual



guest vm:
bridge vmbr0
no vlan
virtio

Code:
cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface eth0 inet dhcp

I thought the only thing I had done was turn the firewall on, add some allow rules, then turn it off. And pve-firewall status returns "Status: disabled/stopped". But still nothing. The vmbr0 bridge is up and has the right IP. The vm is set to use it in the GUI, but the guest can't seem to see it. Where do I go to start troubleshooting?
 
Does it work if you set a static IP address inside the VM?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!