OpenVswitch with VLAN - Firewall problems

rsmvdl

Member
Jul 15, 2016
Hello,

I'm currently facing a strange issue. I have a Proxmox cluster - v. 4.4-13/7ea56165 (dirty 2 node cluster with 1 quorum vote) and I use OpenVswitch to have networking between my containers/VMs, and it doesn't matter on which of the 2 nodes the containers/VMs are. They can communicate without any problems through the physical private network between the two Proxmox nodes through the overlaid GRE tunnel using tagged VLAN.

Here are my Network configs so you maybe have a better picture about my problem:

auto lo
iface lo inet loopback

#public
auto eth0
iface eth0 inet manual

#privat
auto eth1
iface eth1 inet dhcp

auto vmbr0
iface vmbr0 inet static
address x.x.x.x
netmask x.x.x.x
gateway x.x.x.x
bridge_ports eth0
bridge_stp off
bridge_fd 0
pre-up ifconfig eth0 mtu 9000

#Global Tenant Network
auto vmbr1
iface vmbr1 inet manual
ovs_type OVSBridge
post-up ovs-vsctl add-port vmbr1 vnet0 -- set interface vnet0 type=gre options:remote_ip=''Privat_IP_of_other_node''


I have no issues at all if I disable the firewall, but as soon as I enable the firewall, the containers/VMs are not able to communicate through the GRE tunnel/OpenVswitch. I simply get a "host unreachable" message...
I have opened the private interfaces (eth1 and vmbr1) on both Proxmox hosts to communicate with each other, but with no effect... As soon as the firewall is set to On there simply is no communication anymore...

It would be great if somebody has a hint for me on that case...

Greetings and thanks in advance
 

Richard

Proxmox Staff Member
Mar 6, 2015
Austria
How (and where) are the firewall settings?

If it's the Proxmox VE firewall, run

Code:
iptables-save
grep "" /etc/pve/firewall/*
 

rsmvdl

Member
Jul 15, 2016
Yes, I use the Proxmox VE firewall on these hosts, that's right.

The firewall settings are enabled on the following levels: Datacenter, Host.
As soon as these two levels are enabled I'm not able to communicate through the GRE tunnel between my two hosts.
 
