Proxmox generate 2 mac address visibile on the switch not allowed by the data center

the patch to avoid bad traffic with wrong mac to vm && firewall is not yet available in proxmox7. I just send the patch to proxmox devel mailing list friday

https://lists.proxmox.com/pipermail/pve-devel/2021-September/050090.html
https://lists.proxmox.com/pipermail/pve-devel/2021-September/050093.html
https://lists.proxmox.com/pipermail/pve-devel/2021-September/050095.html
https://lists.proxmox.com/pipermail/pve-devel/2021-September/050094.html

(If you have a proxmox7 server to test, I can provide you some test .deb packages)



The mac address prefix option at datacenter level, is prefix when you autogenerate mac address for the vms.
 
the patch to avoid bad traffic with wrong mac to vm && firewall is not yet available in proxmox7. I just send the patch to proxmox devel mailing list friday

https://lists.proxmox.com/pipermail/pve-devel/2021-September/050090.html
https://lists.proxmox.com/pipermail/pve-devel/2021-September/050093.html
https://lists.proxmox.com/pipermail/pve-devel/2021-September/050095.html
https://lists.proxmox.com/pipermail/pve-devel/2021-September/050094.html

(If you have a proxmox7 server to test, I can provide you some test .deb packages)



The mac address prefix option at datacenter level, is prefix when you autogenerate mac address for the vms.
Really thank you for your work.
I will migrate to 7.
 
if you want test on proxmox7, download this deb:

https://mutulin1.odiso.net/libpve-common-perl_7.0-6_all.deb
https://mutulin1.odiso.net/libpve-network-perl_0.6.1_all.deb (optionnal, only if you use the sdn beta feature)
https://mutulin1.odiso.net/pve-container_4.0-9_all.deb (only if you use containers)
https://mutulin1.odiso.net/qemu-server_7.0-13_amd64.deb (only if you use vms)

and install them with "dpkg -i *.deb".

then, edit /etc/network/interfaces,

and under the vmbrX bridge, add "bridge-disable-mac-learning 1"

Code:
auto vmbr0
iface vmbr0 inet manual
        bridge ports ...
       ...
        bridge-disable-mac-learning 1

Then, reboot.

That's all.
 
Last edited:
  • Like
Reactions: whitenexx
I'm tired of hetzner mac issues and thinking to switch provider.
But seriously, what the reason they implemented a mac address monitoring? How it's helping them? What issues solving?
 
I'm tired of hetzner mac issues and thinking to switch provider.
But seriously, what the reason they implemented a mac address monitoring? How it's helping them? What issues solving?
Nooo is one of the best companies in Europe. Cheap servers, flat 1gbps bandwidth. I will try a new setup soon with Routed networking instead of bridged.
 
I have a problem, i am looking for help. I pay to help.


Hetzner send me this:
We have detected that your server is using different MAC addresses from those allowed by your Robot account.

Please take all necessary measures to avoid this in the future and to solve the issue.
We also request that you send a short response to us. This response should contain information about how this could have happened and what you intend to do about it.
In the event that the following steps are not completed successfully, your server can be locked at any time after 2022-02-23 16:47:06 +0100.

How to proceed:
- Solve the issue
- Please note, in case you have fixed the problem, please wait at least 10 minutes before rechecking: https://abuse.hetzner.com/retries/?token=a6a5a33cfd39acb2ca672841935a53a
- After successfully testing that the issue is resolved, send us a statement by using the following link: https://abuse.hetzner.com/statements/?token=a6a5a33cfd39acb2ca672841935a53a

Please visit our FAQ here, if you are unsure how to proceed:
https://docs.hetzner.com/robot/dedicated-server/faq/error-faq/#mac-errors

Important note:
When replying to us, please leave the abuse ID [AbuseID:A0CE8B:1F] unchanged in the subject line. Manual replies will only be handled in the event of a lock.
Please note that we do not provide telephone support in our department. If you have any questions, please send them to us by responding to this email.

Allowed MACs:
44:8a:5b:2c:31:ea
Unallowed MACs:
2a:ba:40:71:83:a2
2c:96:40:71:83:a2


I dont fix this. can anybody help me? I will pay for the help
 
I have a problem, i am looking for help. I pay to help.


Hetzner send me this:
We have detected that your server is using different MAC addresses from those allowed by your Robot account.

<snip>

If you aren't already on proxmox 7, upgrade. That fixed this issue for me at Hetzner.

Edit: Be careful and read the notes before upgrading! You have to set your MAC address in the IPv4 network config (you probably want Solution B) otherwise you'll end up locked out (unless you've also configured IPv6)
 
Last edited:
Nice, almost >2 years and on PVE 7.4-17 I got this warning from hetzner.
In the pve-firewall.log i see unallowed MACs to DEST=notmyIP (but neighbor)
Could it be that PVE means to forward this to the "notmyIP"?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!