After moving my VM to the default bridging interface (vmbr0) and using the public IP on it i would assume that ALL traffic flowing both ways would be open unless altered or blocked by something between the VM and the switch. Which I thought this was the case as 3389 and 8080 was already open. As to test i have disabled absolutely anything that could block traffic. I have a blank Iptables with no rules at all. I have windows set with the Public/Private/Domain firewalls turned off. On proxmox I have the firewall disabled at the Datacenter level, the Node level, and the VM level. As much as i can possibly see, i have absolutely NOTHING on or running that can block any traffic (that i know about) which i would think be apparent because i can access the webpage on 8080 and rdp for the vm.
My windows VM is bridged to vmbr0. I have my IP as 158.69.101.xxx (failover IP) with netmask 255.255.0.0 and gateway of 158.69.122.xxx. With the vnic mac set as the virtual nic assigned to my failover IP. This worked immediately and let me access the internet.
Here's my /etc/network/interfaces files now.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# for Routing
auto vmbr1
iface vmbr1 inet manual
post-up /etc/pve/kvm-networking.sh
bridge_ports dummy0
bridge_stp off
bridge_fd 0
# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
address 158.69.122.xxx
netmask 255.255.255.0
network 158.69.122.0
broadcast 158.69.122.255
gateway 158.69.122.xxx
bridge_ports eth0
bridge_stp off
bridge_fd 0
iface vmbr0 inet6 static
address 2607:5300:xx:xxxx::
netmask 64
post-up /sbin/ip -f inet6 route add 2607:5300:60:99ff:ff:ff:ff:ff dev vmbr0
post-up /sbin/ip -f inet6 route add default via 2607:5300:60:99ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del default via 2607:5300:60:99ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del 2607:5300:60:99ff:ff:ff:ff:ff dev vmbr0
This is the output of my iptables-save
# Generated by iptables-save v1.4.14 on Tue Dec 8 23:11:10 2015
*mangle
REROUTING ACCEPT [9039:2615715]
:INPUT ACCEPT [8170:2571654]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1686:430757]
OSTROUTING ACCEPT [1686:430757]
COMMIT
# Completed on Tue Dec 8 23:11:10 2015
# Generated by iptables-save v1.4.14 on Tue Dec 8 23:11:10 2015
*filter
:INPUT ACCEPT [290:77104]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [101:15487]
COMMIT
# Completed on Tue Dec 8 23:11:10 2015
pve-firewall status shows
Status: disabled/stopped
Both proxy_arp and ip_forward are set to "1".
Am i just missing something here? It feels like i might be but everything is telling me i'm not. Maybe some basic configuration or iptables rules? Which i don't see why iptables would even be needed as realistically my setup is just eth0 > bridge > vm. Maybe routing between my Primary ip and fail over? I've been reading documentation on this for the last 8 hours and can't seem to understand why it's not working.
Any help is appreciated,
Thanks
My windows VM is bridged to vmbr0. I have my IP as 158.69.101.xxx (failover IP) with netmask 255.255.0.0 and gateway of 158.69.122.xxx. With the vnic mac set as the virtual nic assigned to my failover IP. This worked immediately and let me access the internet.
Here's my /etc/network/interfaces files now.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# for Routing
auto vmbr1
iface vmbr1 inet manual
post-up /etc/pve/kvm-networking.sh
bridge_ports dummy0
bridge_stp off
bridge_fd 0
# vmbr0: Bridging. Make sure to use only MAC adresses that were assigned to you.
auto vmbr0
iface vmbr0 inet static
address 158.69.122.xxx
netmask 255.255.255.0
network 158.69.122.0
broadcast 158.69.122.255
gateway 158.69.122.xxx
bridge_ports eth0
bridge_stp off
bridge_fd 0
iface vmbr0 inet6 static
address 2607:5300:xx:xxxx::
netmask 64
post-up /sbin/ip -f inet6 route add 2607:5300:60:99ff:ff:ff:ff:ff dev vmbr0
post-up /sbin/ip -f inet6 route add default via 2607:5300:60:99ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del default via 2607:5300:60:99ff:ff:ff:ff:ff
pre-down /sbin/ip -f inet6 route del 2607:5300:60:99ff:ff:ff:ff:ff dev vmbr0
This is the output of my iptables-save
# Generated by iptables-save v1.4.14 on Tue Dec 8 23:11:10 2015
*mangle
REROUTING ACCEPT [9039:2615715]:INPUT ACCEPT [8170:2571654]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1686:430757]
OSTROUTING ACCEPT [1686:430757]COMMIT
# Completed on Tue Dec 8 23:11:10 2015
# Generated by iptables-save v1.4.14 on Tue Dec 8 23:11:10 2015
*filter
:INPUT ACCEPT [290:77104]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [101:15487]
COMMIT
# Completed on Tue Dec 8 23:11:10 2015
pve-firewall status shows
Status: disabled/stopped
Both proxy_arp and ip_forward are set to "1".
Am i just missing something here? It feels like i might be but everything is telling me i'm not. Maybe some basic configuration or iptables rules? Which i don't see why iptables would even be needed as realistically my setup is just eth0 > bridge > vm. Maybe routing between my Primary ip and fail over? I've been reading documentation on this for the last 8 hours and can't seem to understand why it's not working.
Any help is appreciated,
Thanks
Last edited:
