Out of Box Networking Issues, Guest VMs

[davez5]

Complete noob here so bear with me. I was able to setup PVE, and get it talking with my DNS in Cloudflare to get a public cert. That along with being able to run updates and such, tell me that the networking on the PVE node is setup correctly. I have created a few VMs to see if it was the VM or config issues, all of them in Bridge mode. The VMs all get an IP from DHCP, and I can see them in my firewalls log as sending and receiving packets, yet the actual VM only appears to be able to send packets and not receive packets.

The VM can ping itself, 172.17.5.63 and it can ping the bridge adaptor on the PVE, 172.17.5.51, but it cannot ping the default gateway, 172.17.5.1 or further. I do see the packets going out the bridge adaptor as I can see them on my external firewall log. It's like the return traffic is not being allowed back in through the bridge to the VM.

Any thoughts or ideas on what to check?

 

[shanreich]

Does the return traffic actually arrive on the PVE node? Are you sure that the IP address you chose for the VM is unique inside the network?

 

[davez5]

Yes as far as I know. It was on DHCP, but I've also tried to set it to a different static IP with the same results. I also ran a pcap on another machine on the network, and it matches what I see on the firewall. I get the ICMP request from the VM, and I send the ICMP Reply. But the VM never seems to get the reply.

 

[shanreich]

does the reply arrive on the host itself?
you could check via tcpdumping on the physical interface that is a member of vmbr0 - that would help us pinpoint the issue.

 

[niteshadow]

Is the NIC connected to a dumb switch or a vlan trunk port ?

 

[davez5]

Is the NIC connected to a dumb switch or a vlan trunk port ?

Just an access port on the switch. I turned on the VLAN aware option to see if it would help, that is why you see it in the config, but it didn't change the outcomes. I can remove that from the config.