Proxmox 5.2 network issues

[Alejo]

Hi there!

I've installed successfully a fresh Proxmox (pve-manager: 5.2-9 kernel: 4.15.18-pve). I downloaded the ISO from the official website and installed it from a CD.

THE PROBLEM:
I'm not able to:

1. Display the Admin-GUI via HTTPS <my-ip>:8006. (I get a "took too long to respond" message on my Chrome, Firefox, and IExplorer).
2. Establish SSH connection
3. The ping works only from my server to my gateway, not in the opposite direction. I can't ping my laptop from my proxmox and viceversa. I can't ping my proxmox from my gateway. I get the "Host unreachable" message for the cases where the ping is not working.

To make it more interesting:

• I can ping from my proxmox to my gateway's private and public addresses, to my dns-server and even Google. Because of that, I was able to update and upgrade my server using the deb repositories

That says, there is an Internet connection available that the server is able to use for updating and installing packs.

WHAT HAVE I DONE?

1. Read a lot!
2. I disabled all the firewalls in my proxmox server as well as in my windows-laptop, then retried: SAME ISSUE.
3. I checked if the server is listening from port 8006: IT IS.
4. I checked if the server has opened the ssh-22-port: IT HAS.
5. I also allowed all incoming|outgoing|forwarding traffic in a desperate attempt, then retried: SAME ISSUE.
6. I checked if the server has a default route pointing to my gateway: IT HAS.

Current network topography:

• My router is an ARRIS BGW210-700 (AT&T)
• My proxmox is connected via ethernet (wired) to my private network
• My laptop is wireless connected to my private
• Both PCs are in the same subnet: 192.168.1.x/24: (laptop = 192.168.1.200), and proxmox's

/etc/network/interfaces:
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static (also tried with dhcp with no improvement)
address 192.168.1.201
netmask 255.255.255.0
gateway 192.168.1.254
bridge_ports eno1
bridge_stp off
bridge_fd 0

/etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.1.201 dracarys.attlocal.net dracarys pvelocalhost

/etc/hostname
dracarys

When I started this troubleshooting, I thought the guilty was my router because it may have been blocking the traffic between the two PCs, but I had to discard that option once I used the diagnostic tools that the router provides. The router itself can't ping the proxmox and they are wired connected via ethernet as mentioned before.

This is my first time installing proxmox. I 'm very excited about this experience, but it is being hard to start working with this. I haven't created my first VM yet!

Please, guys. I've seen a lot of posts with a similar topic (not only in this forum) and none of the cases I've studied matches with my current situation.

I hope I can get your help on this matter to find a solution.

Thanks in advance!

----------------------------------
May the force be with you
----------------------------------

 

[Stoiko Ivanov]

* If they are on the same segment/network - check if you see your laptop+router in the arp/neighbor table (after trying to ping your host):
`ip neigh`.
* To rule out that there are still firewall rules on your PVE system - check the output of `iptables -nvL`
* Make sure that there are no duplicate ips in the network (could explain the problems) (ping the PVE ip from your laptop and check whether the mac-address for the ip matches the one from your PVE host)
* check the output of `ip link`, `ip addr` and `ip route`
* start a tcpdump on the interface you're expecting the traffic to arrive (tcpdump -envi vmbr0) - and try to connect

 

[Alejo]

* If they are on the same segment/network - check if you see your laptop+router in the arp/neighbor table (after trying to ping your host):
`ip neigh`.
* To rule out that there are still firewall rules on your PVE system - check the output of `iptables -nvL`
* Make sure that there are no duplicate ips in the network (could explain the problems) (ping the PVE ip from your laptop and check whether the mac-address for the ip matches the one from your PVE host)
* check the output of `ip link`, `ip addr` and `ip route`
* start a tcpdump on the interface you're expecting the traffic to arrive (tcpdump -envi vmbr0) - and try to connect

Thank you so much for your time Stoiko!
I did the ping and then the ip neigh to my laptop from my PVE:

192.168.1.200 dev vmbr0 FAILED
192.168.1.254 dev vmbr0 lladdr <a-given-MAC> router STALE

Other steps:

• iptables are accepting all traffic.
• There are no duplicate IPs in the network
• ip link/addr/route showed all the interfaces as UP, with the expected values (per proxmox's installtion/configuration instructions)
• started tcpdump as directed, but I did not understand the fast bunch of messages that were listed.
• additionally, I ping my PVE from my laptop (windows7), then executed the command 'arp -A' and all the connected devices' IPs were listed. My PVE's IP was not in that list.

I'm starting to believe that my recently installed Proxmox is not guilty since everything in its configuration values seem to be correct.

I did one more test: I established a direct connection between my laptop and my PVE using the same ethernet cable. After disabling the wireless on my laptop and setting up a static IP over that wired network, I was able to ping my laptop from my PVE and I also was able to access the Admin-GUI from my web-browser.

I believe there is something in the router that is blocking the connected devices to see each other. Is this possible?

If that is the case, I understand that this is a topic out of the proxmox environment. Thus, it is possible that this community can't help me to get my problem solved.

If so: Is there any other Forum that you would recommend me to get some help? There is to much noise on Internet. Thus, any help on finding a trusted source of information will be highly appreciated.

Once again: Thanks for your time!

Regards.

 

[Stoiko Ivanov]

Sounds like your router could be the culprit indeed.
AFAIK there are quite a few switches routers which have an option to not let any traffic pass between ports (port isolation/private VLAN is the term AFAIR), which can make sense in a shared environment/when dealing with insecure devices.

You could consult the manual of the router in question, or contact the vendors' support or try to replace it by some other router/switch and see if the problem persists.
Exchanging the cables also could potentially help

Else I'd say - try to google for your router's model and port isolation/private vlan - maybe something pops up.

Maybe someone from the Proxmox community had the very same router and problem - you could post the model here

 

[Alejo]

Sounds like your router could be the culprit indeed.
AFAIK there are quite a few switches routers which have an option to not let any traffic pass between ports (port isolation/private VLAN is the term AFAIR), which can make sense in a shared environment/when dealing with insecure devices.

You could consult the manual of the router in question, or contact the vendors' support or try to replace it by some other router/switch and see if the problem persists.
Exchanging the cables also could potentially help

Else I'd say - try to google for your router's model and port isolation/private vlan - maybe something pops up.

Maybe someone from the Proxmox community had the very same router and problem - you could post the model here

Thanks again Stoiko! You're awesome.

I'll google using your recommendation. I'll also contact AT&T support. The replacement is the last option right now because I have no idea about how to select the most appropriate and economic router for me. I'm a total newbie in this networking stuffs, so the less expensive the solution the better.

My router model: Arris BGW210-700.

I hope someone that has solved this issue can share her/his wisdom with me (and this awesome community).

I'll share the solution with you all as soon as I find it.

Have a great weekend everyone!

 

[Alejo]

Friends!

The guilty was not the Proxmox, neither the router.

It turned out that the Power-Line(s) used to establish the wired connection between my server and the router were not in sync. I learned that the hard way and after a lot of posts and research. The solution was as simplest as restart both power-lines.

Lesson: always start testing from the lowest layer of your configuration. Trust, but verify!

Now everything is worked as expected. Issue SOLVED.

Thanks, Stoiko for all your time!

Regards and happy weekend!

 

[Stoiko Ivanov]

You're welcome - Glad it worked!
If possible please mark the thread as SOLVED, so that others know the issue is resolved.