Proxmox Bridging not working

pascalku

Hey there,

I am new to proxmox and currently running the newest version inside a local cluster. My router is listening on 192.168.0.1/16. So I decided to use 192.168.178.131/32 as the ip address for my pve host-machine and the net 192.168.25.0/24 as an ip subnet for my kvm machines.

Now I got the following configuration:

Code:
root@pve:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet static
    address 192.168.178.131
    netmask 255.255.255.255
    gateway 192.168.0.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/enp2s0/proxy_arp

auto vmbr0
iface vmbr0 inet static
        address  192.168.25.0
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

I used https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#sysadmin_network_configuration to get the current code but it is still not working. If I set bridge_ports to enp2s0, the kvms are available and if I set it to none, the host is available :D

In my machines you can find the following configuration: ip=192.168.25.13/32 with gw=192.168.0.1

The following error occurs whenever I ping the given ip (192.168.25.13):

Code:
Request timeout for icmp_seq 567
92 bytes from s010000.fritz.box (192.168.178.131): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 5400 cea4   0 0000  3f  01 6022 192.168.178.132  192.168.25.13

92 bytes from s010000.fritz.box (192.168.178.131): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 5400 6d3f   0 0000  3f  01 c187 192.168.178.132  192.168.25.13

92 bytes from s010000.fritz.box (192.168.178.131): Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
4  5  00 5400 0346   0 0000  3f  01 2b81 192.168.178.132  192.168.25.13

Request timeout for icmp_seq 568
Request timeout for icmp_seq 569
Request timeout for icmp_seq 570

Hopefully you are able to help me with the provided information.

What I expected is that I am able to give the host one dedicated IP to access the API, and each virtual machine should be able to receive between 1 and n addresses.
 
Always attach the IP address to the bridge - not to the physical interface and move the interface into the vmbr0.
 
Maybe you can try with

Code:
auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet static
    address 192.168.178.131
    netmask 255.255.0.0
    gateway 192.168.0.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/enp2s0/proxy_arp

auto vmbr0
iface vmbr0 inet static
        address  192.168.25.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0


Then configure your VMs' network configuration to use 192.168.25.1 as gateway.

Also, instead of proxy_arp, for a cleaner config, you can add a route in your fritz.box to 192.168.25.0/24 with 192.168.178.131 as gateway
https://en.avm.de/service/fritzbox/...nfiguring-a-static-IP-route-in-the-FRITZ-Box/
 
Thank you!

Now I have created a static route in my fritzbox and removed the proxy_arp from my network configuration, but the machine cannot access the outside world...

My fritzbox configuration looks like this:
[Screenshot: Bildschirmfoto 2020-04-07 um 16.12.35.png]

And my current network configuration looks like this:
Code:
root@pve:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet static
    address 192.168.178.131
    netmask 255.255.0.0
    gateway 192.168.0.1
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr0
iface vmbr0 inet static
        address  192.168.25.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
 
Your vmbr0 has no interface assigned, so all the guests can only communicate among themselves. You can regard the term bridge literally here. As I said before, assign your host IP to the bridge and the interface to the list of bridge_ports of vmbr0.
 
> Your vmbr0 has no interface assigned, so all the guests can only communicate among themselves. You can regard the term bridge literally here. As I said before, assign your host IP to the bridge and the interface to the list of bridge_ports of vmbr0.

I'm new and don't get you. Could you make a sample please or provide a sample link?
 
> Thank you!
>
> Now I have created a static route in my fritzbox and removed the proxy_arp from my network configuration, but the machine cannot access the outside world...

Is your Proxmox host able to reach the outside world?
Are your VMs able to ping 192.168.25.1? 192.168.178.131?

The configuration should work; this is routing like:


192.168.0.1/16 (fritz box)---------(enp2s0)--192.168.178.131/16---(routing)---192.168.25.1/24---(vmbr0)------------vms

fritzbox -> vms: route to 192.168.25.0/24 gw 192.168.178.131
proxmox -> internet: default gw 192.168.0.1/16
vms -> proxmox: default gw 192.168.25.1/24
 
> Your vmbr0 has no interface assigned, so all the guests can only communicate among themselves. You can regard the term bridge literally here. As I said before, assign your host IP to the bridge and the interface to the list of bridge_ports of vmbr0.

He wants a routed setup (different subnet), so it doesn't need an interface in vmbr0 in this case.
 
So, the "outside" network is 192.168.0.0/16 and the routed one shall be 192.168.25.0/24 and you're performing NAT from the "inner" network, which is actually enclosed in the "outer" network? What's the point of doing that? Since all the traffic is passing through the physical interface anyway, it's easier to attach the host IP to the bridge, isn't it?

I guess the proxy_arp was meant to take care of that, but that's over-complicating the network setup and it's not buying you any security in return, is it?
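
Added example (not part of any post in this thread): a small Python check, using only the standard `ipaddress` module, that lints an interfaces file for the three addressing problems raised so far: a gateway outside the interface's subnet, a bridge configured with its network address, and a routed subnet enclosed in the uplink subnet. The `parse` and `lint` helpers and the sample text are constructed for illustration.

```python
import ipaddress

# Constructed from the thread's first config (lo stanza and post-up lines omitted).
ORIGINAL = """\
auto enp2s0
iface enp2s0 inet static
    address 192.168.178.131
    netmask 255.255.255.255
    gateway 192.168.0.1
auto vmbr0
iface vmbr0 inet static
    address 192.168.25.0
    netmask 255.255.255.0
    bridge_ports none
"""
# The routed variant suggested in the reply: /16 on enp2s0, .1 on vmbr0.
ROUTED = ORIGINAL.replace("255.255.255.255", "255.255.0.0").replace(
    "192.168.25.0", "192.168.25.1")

def parse(text):
    """Map each iface name to its {option: value} pairs."""
    stanzas, cur = {}, None
    for words in (line.split() for line in text.splitlines()):
        if not words or words[0] == "auto" or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            cur = stanzas.setdefault(words[1], {})
        elif cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return stanzas

def lint(text):
    """Return (iface, finding) tuples for the addressing problems in the thread."""
    findings, nets = [], {}
    for name, opt in parse(text).items():
        if "address" not in opt or "netmask" not in opt:
            continue
        ifc = ipaddress.ip_interface(f"{opt['address']}/{opt['netmask']}")
        nets[name] = ifc.network
        if ifc.network.prefixlen < 31 and ifc.ip == ifc.network.network_address:
            findings.append((name, "address is the network address"))
        gw = opt.get("gateway")
        if gw and ipaddress.ip_address(gw) not in ifc.network:
            findings.append((name, "gateway not on-link"))
    # Overlap means LAN hosts ARP for the inner subnet instead of using a route.
    names = sorted(nets)
    for i, a in enumerate(names):
        findings += [(a, f"subnet overlaps {b}") for b in names[i + 1:]
                     if nets[a].overlaps(nets[b])]
    return findings
```

Run against `ORIGINAL` it reports the off-link gateway and the `.0` bridge address; run against `ROUTED` those two are gone and only the 192.168.25.0/24 inside 192.168.0.0/16 overlap remains.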
 
> So, the "outside" network is 192.168.0.0/16 and the routed one shall be 192.168.25.0/24 and you're performing NAT from the "inner" network, which is actually enclosed in the "outer" network? What's the point of doing that? Since all the traffic is passing through the physical interface anyway, it's easier to attach the host IP to the bridge, isn't it?
>
> I guess the proxy_arp was meant to take care of that, but that's over-complicating the network setup and it's not buying you any security in return, is it?

I am new and just followed some tutorials and the answers above. I just want to route the traffic from 192.168.25/24 to my kvm host running on 192.168.178.131/32... And now I don't really understand what I've to do...
 
> Is your Proxmox host able to reach the outside world?
> Are your VMs able to ping 192.168.25.1? 192.168.178.131?
>
> The configuration should work; this is routing like:
>
> 192.168.0.1/16 (fritz box)---------(enp2s0)--192.168.178.131/16---(routing)---192.168.25.1/24---(vmbr0)------------vms
>
> fritzbox -> vms: route to 192.168.25.0/24 gw 192.168.178.131
> proxmox -> internet: default gw 192.168.0.1/16
> vms -> proxmox: default gw 192.168.25.1/24

Now I migrated to this setup but it's still not working. My virtual machine does not have any contact with the outside world..

[Screenshot: Bildschirmfoto 2020-04-07 um 19.29.24.png]

[Screenshot: Bildschirmfoto 2020-04-07 um 19.29.34.png]

My kvm has no problems connecting to the outside world. I've no problems connecting to a virtual machine but somehow the virtual machine cannot connect to the outside world..
 
Actually, I'd cut that short and use a config like this:

Code:
auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.178.131
    netmask 255.255.0.0
    gateway 192.168.0.1
    bridge_ports enp2s0
    bridge_stp off
    bridge_fd 0

You will be able to reach your pve on 192.168.178.131 and you'd then simply bind your guest(s) to vmbr0 and they will be able to connect to any other host on the net or the internet and you will be able to connect to your guest(s) on any IP you'd choose from any of this vast range of 65k IPs.
 