Proxmox claiming MAC address

spirit

Famous Member
Apr 2, 2010
5,686
626
133
www.odiso.com
I did it earlier at the data center level. Now I did as you wrote and I will test. Thanks!
datacenter level only apply to hypervisors management ips, not vms, so you really need to do it at vm level.

And if I disable all firewalls does it help?
yes, sure.. (disable firewall option on vm nic option, it'll remove the fwbrX interfaces. Disabling vm firewall in vm firewall option is not enough. )
 
  • Like
Reactions: Protei

spirit

Famous Member
Apr 2, 2010
5,686
626
133
www.odiso.com
Looking for others Companies guides about proxmox networking I see that ovh official guide use the IP routed setup mode instead of bridged.

https://docs.ovh.com/gb/en/dedicated/network-bridging/
ovh support both routed && bridged mode,
but bridged mode is supported with their vrack, so you have a true vxlan for you, without any bad flooding traffic from others customers.

https://docs.ovh.com/au/en/dedicated/proxmox-network-hg-scale/


(my personnal opinion: hetzner bridged mode just sucks, because they are not filtering correctly their layer2. Use routed setup with hetzner)
 

openaspace

Member
Sep 16, 2019
382
8
23
Italy
my personnal opinion: hetzner bridged mode just sucks, because they are not filtering correctly their layer2. Use routed setup with hetzner)
that's what I've always thought about this etzner problem..

Officially also hetzner guide allow bridged mode as allowed..
 
Aug 19, 2019
56
7
13
My last mac spoofing complaint from hetzner was closed at 13.11. But it may come up again, I dont know ...
Maybe they changed their detection script a bit, but its hard to tell without any written reply with technical details.
 

egberts

New Member
May 1, 2021
14
1
3
62
Hetzner support should have sent a PCAP file of the offending packets. would go a lot quicker toward this problem resolution.

My advice would be to start a ‘tcpdump -i enp5s0 -w /tmp/capture.pcap‘ and let it run until the Hetzner support complains then peruse the PCAP with Wireshark for outlier packets, starting with sorting by MAC, filter out your KNOWN source MAC address, and repeat but with known source IP address(es).

For my homelab (pve-no-subscription), I find myself having to split my four Ethernet Port NIC into management IP, bridged (vmbr0) without an IP, and MACVLAN all connected to the switch.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!