Hello,
I have set up according to this manual:
wiki.hetzner.de/index.php/Proxmox_VE/en#Network_configuration_host_system_KVM.2FRouted
pve.proxmox.com/wiki/Network_Model#Routed_Configuration
I can't ping from the VM to the outside. Actually no IP communication is possible from the VM to external.
Host can ping guest and guest can ping host without problems. tcpdump shows packets being forwarded to the internet and the response coming back. But packets get lost somewhere between eth0 and vmbr0.
Any ideas on what is wrong with this setup or how to debug further?
I have two public IPs. I chose routed setup.
I changed the first three bytes of the public IPs to 1.2.3 to make the document here more readable and for privacy.
KVM guest is .57, host is .42
Inside guest:
ifconfig eth0 1.2.3.57 pointopoint 1.2.3.42 netmask 255.255.255.255
route add default gw 1.2.3.42
Then I do ping 8.8.4.4 on guest and receive no response.
On the HOST:
Code:
# pveversion -v
proxmox-ve: 4.0-16 (running kernel: 4.2.2-1-pve)
pve-manager: 4.0-50 (running version: 4.0-50/d3a6b7e5)
pve-kernel-4.2.2-1-pve: 4.2.2-16
lvm2: 2.02.116-pve1
corosync-pve: 2.3.5-1
libqb0: 0.17.2-1
pve-cluster: 4.0-23
qemu-server: 4.0-31
pve-firmware: 1.1-7
libpve-common-perl: 4.0-32
libpve-access-control: 4.0-9
libpve-storage-perl: 4.0-27
pve-libspice-server1: 0.12.5-1
vncterm: 1.2-1
pve-qemu-kvm: 2.4-10
pve-container: 1.0-10
pve-firewall: 2.0-12
pve-ha-manager: 1.0-10
ksm-control-daemon: 1.2-1
glusterfs-client: 3.5.2-2+deb8u1
lxc-pve: 1.1.3-1
lxcfs: 0.9-pve2
cgmanager: 0.37-pve2
criu: 1.6.0-1
# cat /etc/network/interfaces
### Hetzner Online GmbH - installimage
# Loopback device:
auto lo
iface lo inet loopback
# device: eth0
auto eth0
iface eth0 inet static
address 1.2.3.42
netmask 255.255.255.255
gateway 1.2.3.1
pointopoint 1.2.3.1
auto vmbr0
iface vmbr0 inet static
address 1.2.3.42
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0
up ip route add 1.2.3.57/32 dev vmbr0
# ifconfig
eth0 Link encap:Ethernet HWaddr d8:cb:8a:9c:31:8a
inet addr:1.2.3.42 Bcast:1.2.3.42 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:126615 errors:0 dropped:0 overruns:0 frame:0
TX packets:115807 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43898047 (41.8 MiB) TX bytes:56842329 (54.2 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:95249 errors:0 dropped:0 overruns:0 frame:0
TX packets:95249 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:45047470 (42.9 MiB) TX bytes:45047470 (42.9 MiB)
tap101i0 Link encap:Ethernet HWaddr f6:5e:41:44:ed:5a
inet6 addr: fe80::f45e:41ff:fe44:ed5a/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:752 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:78708 (76.8 KiB) TX bytes:1234 (1.2 KiB)
vmbr0 Link encap:Ethernet HWaddr f6:5e:41:44:ed:5a
inet addr:1.2.3.42 Bcast:1.2.3.42 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10594 errors:0 dropped:0 overruns:0 frame:0
TX packets:311 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:918696 (897.1 KiB) TX bytes:13930 (13.6 KiB)
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth0
1.2.3.1 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
1.2.3.57 0.0.0.0 255.255.255.255 UH 0 0 0 vmbr0
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether d8:cb:8a:9c:31:8a brd ff:ff:ff:ff:ff:ff
inet 1.2.3.42 peer 1.2.3.1/32 brd 1.2.3.42 scope global eth0
valid_lft forever preferred_lft forever
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether f6:5e:41:44:ed:5a brd ff:ff:ff:ff:ff:ff
inet 1.2.3.42/32 brd 1.2.3.42 scope global vmbr0
valid_lft forever preferred_lft forever
5: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 500
link/ether f6:5e:41:44:ed:5a brd ff:ff:ff:ff:ff:ff
# ip route show
default via 1.2.3.1 dev eth0
1.2.3.1 dev eth0 proto kernel scope link src 1.2.3.42
1.2.3.57 dev vmbr0 scope link
# ip route get 1.2.3.1
1.2.3.1 dev eth0 src 1.2.3.42
cache
# ip route get 1.2.3.2
1.2.3.2 via 1.2.3.1 dev eth0 src 1.2.3.42
cache
# ip route get 1.2.3.42
local 1.2.3.42 dev lo src 1.2.3.42
cache <local>
# ip route get 1.2.3.57
1.2.3.57 dev vmbr0 src 1.2.3.42
cache
# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether d8:cb:8a:9c:31:8a brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether f6:5e:41:44:ed:5a brd ff:ff:ff:ff:ff:ff
5: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 500
link/ether f6:5e:41:44:ed:5a brd ff:ff:ff:ff:ff:ff
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
# brctl show
bridge name bridge id STP enabled interfaces
vmbr0 8000.f65e4144ed5a no tap101i0
# sysctl net.ipv4 | grep forward
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.tap101i0.forwarding = 1
net.ipv4.conf.tap101i0.mc_forwarding = 0
net.ipv4.conf.vmbr0.forwarding = 1
net.ipv4.conf.vmbr0.mc_forwarding = 0
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
# sysctl net.ipv4 | grep rp_filter
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
net.ipv4.conf.tap101i0.arp_filter = 0
net.ipv4.conf.tap101i0.rp_filter = 0
net.ipv4.conf.vmbr0.arp_filter = 0
net.ipv4.conf.vmbr0.rp_filter = 0
# tcpdump -vni eth0 icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:41:38.487451 IP (tos 0x0, ttl 63, id 58185, offset 0, flags [DF], proto ICMP (1), length 84)
1.2.3.57 > 8.8.4.4: ICMP echo request, id 2283, seq 1, length 64
22:41:38.492939 IP (tos 0x0, ttl 57, id 41863, offset 0, flags [none], proto ICMP (1), length 84)
8.8.4.4 > 1.2.3.57: ICMP echo reply, id 2283, seq 1, length 64
# tcpdump -vni vmbr0 icmp
tcpdump: listening on vmbr0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:42:52.072199 IP (tos 0x0, ttl 64, id 1041, offset 0, flags [DF], proto ICMP (1), length 84)
1.2.3.57 > 8.8.4.4: ICMP echo request, id 2283, seq 74, length 64
22:42:53.080130 IP (tos 0x0, ttl 64, id 1237, offset 0, flags [DF], proto ICMP (1), length 84)
1.2.3.57 > 8.8.4.4: ICMP echo request, id 2283, seq 75, length 64
# ping 1.2.3.57
PING 1.2.3.57 (1.2.3.57) 56(84) bytes of data.
64 bytes from 1.2.3.57: icmp_seq=1 ttl=64 time=0.176 ms
64 bytes from 1.2.3.57: icmp_seq=2 ttl=64 time=0.148 ms
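
An added example, not part of the original post: a small parser over the two tcpdump captures quoted above that reports at which hop the echo exchange stops and whether the host decremented the request's TTL (routed rather than bridged). The function names and the "uplink"/"bridge" labels for eth0/vmbr0 are this example's own.

```python
import re

# Captures copied from the post above (`tcpdump -vni <iface> icmp`).
ETH0 = """\
22:41:38.487451 IP (tos 0x0, ttl 63, id 58185, offset 0, flags [DF], proto ICMP (1), length 84)
1.2.3.57 > 8.8.4.4: ICMP echo request, id 2283, seq 1, length 64
22:41:38.492939 IP (tos 0x0, ttl 57, id 41863, offset 0, flags [none], proto ICMP (1), length 84)
8.8.4.4 > 1.2.3.57: ICMP echo reply, id 2283, seq 1, length 64
"""
VMBR0 = """\
22:42:52.072199 IP (tos 0x0, ttl 64, id 1041, offset 0, flags [DF], proto ICMP (1), length 84)
1.2.3.57 > 8.8.4.4: ICMP echo request, id 2283, seq 74, length 64
22:42:53.080130 IP (tos 0x0, ttl 64, id 1237, offset 0, flags [DF], proto ICMP (1), length 84)
1.2.3.57 > 8.8.4.4: ICMP echo request, id 2283, seq 75, length 64
"""

HEADER = re.compile(r"^\S+ IP \(.*?\bttl (\d+),")
ECHO = re.compile(r"^\s*(\S+) > (\S+): ICMP echo (request|reply),")

def summarize(capture, guest):
    """Map 'request'/'reply' to the set of TTLs seen for the guest's echo traffic."""
    seen, ttl = {"request": set(), "reply": set()}, None
    for line in capture.splitlines():
        header, echo = HEADER.match(line), ECHO.match(line)
        if header:
            ttl = int(header.group(1))  # with -v the IP header precedes the ICMP line
        elif echo:
            src, dst, kind = echo.groups()
            if (kind, src) == ("request", guest) or (kind, dst) == ("reply", guest):
                seen[kind].add(ttl)
    return seen

def locate_drop(outer, inner, guest):
    """Name the hop where the echo exchange stops, given uplink and bridge captures."""
    out, inn = summarize(outer, guest), summarize(inner, guest)
    if not inn["request"]:
        return "request never reaches the bridge"
    if not out["request"]:
        return "request not forwarded to the uplink"
    if not out["reply"]:
        return "no reply arrives on the uplink"
    if not inn["reply"]:
        return "reply reaches the uplink but is not delivered to the bridge"
    return "echo exchange complete on both interfaces"

def host_routed_request(outer, inner, guest):
    """True if a request TTL on the uplink is one less than on the bridge."""
    out, inn = summarize(outer, guest), summarize(inner, guest)
    return any(t - 1 in out["request"] for t in inn["request"])
```
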