[SOLVED] Proxmox can't receive HTTP response but can make ICMP pings

ShihabSoft

Active Member
Nov 8, 2019
6
4
43
29
I've recently setup proxmox VE 6.2

I've two network adapters, one is a LAN network and other is a WAN network (USB RNDIS)

I've setup pfSense as a VM, as in the netgate docs I've created two bridges for WAN and LAN with those two physical NICs.

Everything is going fine, pfSense works as expected all lan clients can access the internet flawlessly through the pfSense VM.

But the issue is, proxmox can't make HTTP requests, I know it's weird. It can successfully access the internet, like I can make pings to 1.1.1.1 or any public available IP.

I tried like this

curl -vvv google.com

this is the ouput I got and this is where it's getting stuck, all HTTP connection acts the same way

* Trying 216.58.197.46...
* TCP_NODELAY set
* Expire in 149896 ms for 3 (transfer 0x55772a88ddc0)
* Expire in 200 ms for 4 (transfer 0x55772a88ddc0)
* Connected to google.com (216.58.197.46) port 80 (#0)
> GET / HTTP/1.1
> Host: google.com
> User-Agent: curl/7.64.0
> Accept: */*

And it's stuck there and times out after a while. Can't make apt update either. It seems to get connected but can't receive the response back.

This is the ping response

ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=56 time=75.4 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=56 time=74.7 ms

no issues there.


This is one hell of a weird issue, I've never faced before.


ip route list
default via 192.168.0.1 dev vmbr0 onlink
192.168.0.0/24 dev vmbr0 proto kernel scope link src 192.168.0.114
192.168.1.0/24 dev vmbr2 proto kernel scope link src 192.168.1.102

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
link/ether 3c:07:71:55:54:6e brd ff:ff:ff:ff:ff:ff
3: enx0c5b8f279a64: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
link/ether 0c:5b:8f:27:9a:64 brd ff:ff:ff:ff:ff:ff
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 3c:07:71:55:54:6e brd ff:ff:ff:ff:ff:ff
inet 192.168.0.114/24 brd 192.168.0.255 scope global vmbr0
valid_lft forever preferred_lft forever
inet6 fe80::3e07:71ff:fe55:546e/64 scope link
valid_lft forever preferred_lft forever
5: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 0c:5b:8f:27:9a:64 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.102/24 brd 192.168.1.255 scope global dynamic vmbr2
valid_lft 84813sec preferred_lft 84813sec
inet6 fe80::e5b:8fff:fe27:9a64/64 scope link
valid_lft forever preferred_lft forever
6: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
link/ether 5a:1e:56:2a:0d:fe brd ff:ff:ff:ff:ff:ff
7: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
link/ether a2:fe:d5:1d:43:8f brd ff:ff:ff:ff:ff:ff


iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Proxmox IP - 192.168.0.114 (Static configured)

pfSense Gateway IP - 192.168.0.1

WAN (Internal IP) - 192.168.1.101

vmbr0 - LAN bridge
vmbr2 - WAN bridge
 
Wow, it's fixed!

I had to one small thing, which was already in the netgate docs (Which I failed to read, silly me ;) )


Go to System->Advanced->Networking

Then click on Disable hardware checksum offload and press Save.

Voila! Now proxmox can make http requests or access internet flawlessly!
 
Hey, good to hear that you were able to solve it.

It should be mentioned that the `Disable hardware checksum offload` setting needs to be done in the pfSense.

Would you please be so kind as to mark the thread as solved? (edit the first post and in the dropdown next to the title select the solved prefix).
Thanks :)
 
  • Like
Reactions: ShihabSoft
Hey, good to hear that you were able to solve it.

It should be mentioned that the `Disable hardware checksum offload` setting needs to be done in the pfSense.

Would you please be so kind as to mark the thread as solved? (edit the first post and in the dropdown next to the title select the solved prefix).
Thanks :)

Wow, I am melted with your kindness.

Would you please let me know how to do that?
 
Would you please let me know how to do that?
Edit the first posting in this thread. Next to the title should be a drop down menu in which you can select `solved`.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!