Hi!
I have a problem with port forwarding between VMs. Port forwarding between other machines and one of VMs works fine.
My setup:
10.0.4.4/24 - IP of Proxmox
10.0.4.8/24 - VM1 with Debian and MSSQL
10.0.4.9/24 - VM2 with Debian and MSSQL
10.0.4.7/24 - VM3 with Windows 10
10.0.5.5/24 - VIP that should forward ports to one of the databases
MikroTik router with a destination NAT setup 10.0.5.5->10.0.4.8 (all ports and protocols).
I have several subnets on my router.
The problem in detail:
10.0.4.7 cannot connect to 10.0.5.5 on any port (tried 22 and 1433)
10.0.4.8 cannot connect to 10.0.5.5 on any port (tried 22 and 1433)
10.0.4.9 cannot connect to 10.0.5.5 on any port (tried 22 and 1433)
10.0.4.4 cannot connect to 10.0.5.5 on any port (tried 22 and 1433)
On the other hand:
192.168.0.26/24 can talk with 10.0.5.5:1433 (it's forwarded to mssql).
192.168.0.10/24 can talk with 10.0.5.5:1433 (it's forwarded to mssql).
Every host can connect to another one without the port forwarding.
I also tried VIP as address in the same subnet - no difference.
Proxmox firewall IMHO doesn't matter - I already tried turning it off for VMs, and changed policy to ACCEPT.
MikroTik firewall also doesn't matter - I already tried turning it off.
It looks like something on Proxmox is messing with the simple port forwarding between two VMs.
I used the tcpdump diagnostic tool while making "telnet 10.0.5.5 22" from 10.0.4.8.
10.0.4.8 (tcpdump host 10.0.4.9 -n):
Code:
07:22:55.409968 IP 10.0.4.9.22 > 10.0.4.8.55162: Flags [S.], seq 643677982, ack 1097583231, win 65160, options [mss 1460,sackOK,TS val 2544165787 ecr 644348620,nop,wscale 7], length 0
07:22:55.409977 IP 10.0.4.8.55162 > 10.0.4.9.22: Flags [R], seq 1097583231, win 0, length 0
10.0.4.9 (tcpdump host 10.0.4.8 -n):
Code:
07:22:55.415840 IP 10.0.4.8.55162 > 10.0.4.9.22: Flags [S], seq 1097583230, win 64240, options [mss 1460,sackOK,TS val 644348620 ecr 0,nop,wscale 7], length 0
07:22:55.415860 IP 10.0.4.9.22 > 10.0.4.8.55162: Flags [S.], seq 643677982, ack 1097583231, win 65160, options [mss 1460,sackOK,TS val 2544165787 ecr 644348620,nop,wscale 7], length 0
07:22:55.416090 IP 10.0.4.8.55162 > 10.0.4.9.22: Flags [R], seq 1097583231, win 0, length 0
It keeps repeating over and over again, but telnet fails to connect.
The same test while making "telnet 10.0.4.9 22" from 10.0.4.8:
10.0.4.8 (tcpdump host 10.0.4.9 -n):
Code:
07:26:28.248294 IP 10.0.4.8.36366 > 10.0.4.9.22: Flags [S], seq 250238083, win 64240, options [mss 1460,sackOK,TS val 99689837 ecr 0,nop,wscale 7], length 0
07:26:28.248580 IP 10.0.4.9.22 > 10.0.4.8.36366: Flags [S.], seq 651136210, ack 250238084, win 65160, options [mss 1460,sackOK,TS val 2544378626 ecr 99689837,nop,wscale 7], length 0
07:26:28.248590 IP 10.0.4.8.36366 > 10.0.4.9.22: Flags [.], ack 1, win 502, options [nop,nop,TS val 99689838 ecr 2544378626], length 0
07:26:28.255005 IP 10.0.4.9.22 > 10.0.4.8.36366: Flags [P.], seq 1:41, ack 1, win 510, options [nop,nop,TS val 2544378632 ecr 99689838], length 40: SSH: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
07:26:28.255015 IP 10.0.4.8.36366 > 10.0.4.9.22: Flags [.], ack 41, win 502, options [nop,nop,TS val 99689844 ecr 2544378632], length 0
10.0.4.9 (tcpdump host 10.0.4.8 -n):
Code:
07:26:28.254490 IP 10.0.4.8.36366 > 10.0.4.9.22: Flags [S], seq 250238083, win 64240, options [mss 1460,sackOK,TS val 99689837 ecr 0,nop,wscale 7], length 0
07:26:28.254525 IP 10.0.4.9.22 > 10.0.4.8.36366: Flags [S.], seq 651136210, ack 250238084, win 65160, options [mss 1460,sackOK,TS val 2544378626 ecr 99689837,nop,wscale 7], length 0
07:26:28.254681 IP 10.0.4.8.36366 > 10.0.4.9.22: Flags [.], ack 1, win 502, options [nop,nop,TS val 99689838 ecr 2544378626], length 0
07:26:28.260824 IP 10.0.4.9.22 > 10.0.4.8.36366: Flags [P.], seq 1:41, ack 1, win 510, options [nop,nop,TS val 2544378632 ecr 99689838], length 40: SSH: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
07:26:28.261214 IP 10.0.4.8.36366 > 10.0.4.9.22: Flags [.], ack 41, win 502, options [nop,nop,TS val 99689844 ecr 2544378632], length 0
In the end it's the Windows VM that should request something from 10.0.5.5, but for debugging I used two Debian VMs because it was easier to use tcpdump to show you.
Help!
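
Added example (not part of the original post): a small Python parser for the `tcpdump -n` lines above that labels each TCP flow, from the client's point of view, as `established` or `synack-reset`, and records whether the client's own SYN to that peer appears in the capture. The function name and verdict labels are assumptions of this example; the sample lines are the post's captures, trimmed after the flags field.

```python
import re

# Matches the start of a `tcpdump -n` TCP line in the format shown in the post.
LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]+)\]")

def classify(capture, client_ip):
    """Map (client_port, peer_ip, peer_port) -> (verdict, client_syn_seen)."""
    flows = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if src == client_ip:
            key, event = (int(sport), dst, int(dport)), "client:" + flags
        elif dst == client_ip:
            key, event = (int(dport), src, int(sport)), "peer:" + flags
        else:
            continue
        flows.setdefault(key, []).append(event)
    result = {}
    for key, events in flows.items():
        syn_seen = "client:S" in events          # did we capture the client's SYN?
        verdict = "no-synack"
        if "peer:S." in events:
            after = events[events.index("peer:S.") + 1:]
            reply = next((e for e in after if e.startswith("client:")), None)
            if reply is None:
                verdict = "incomplete"
            elif "R" in reply.split(":", 1)[1]:
                verdict = "synack-reset"         # client rejected the SYN-ACK
            else:
                verdict = "established"          # client ACKed the SYN-ACK
        result[key] = (verdict, syn_seen)
    return result

# Lines from the post's captures, trimmed after the flags field.
ON_VM1_VIA_VIP = """07:22:55.409968 IP 10.0.4.9.22 > 10.0.4.8.55162: Flags [S.]
07:22:55.409977 IP 10.0.4.8.55162 > 10.0.4.9.22: Flags [R]"""
ON_VM2_VIA_VIP = """07:22:55.415840 IP 10.0.4.8.55162 > 10.0.4.9.22: Flags [S]
07:22:55.415860 IP 10.0.4.9.22 > 10.0.4.8.55162: Flags [S.]
07:22:55.416090 IP 10.0.4.8.55162 > 10.0.4.9.22: Flags [R]"""
ON_VM1_DIRECT = """07:26:28.248294 IP 10.0.4.8.36366 > 10.0.4.9.22: Flags [S]
07:26:28.248580 IP 10.0.4.9.22 > 10.0.4.8.36366: Flags [S.]
07:26:28.248590 IP 10.0.4.8.36366 > 10.0.4.9.22: Flags [.]"""
```

Run over the post's captures, the capture on 10.0.4.8 shows a SYN-ACK from 10.0.4.9 with no SYN to that address, while 10.0.4.9 does see the SYN with source 10.0.4.8. In the direct test the same flow key reaches `established`.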