Proxmox host can't ping gateway or external ip

hipitihop · Jan 27, 2020

Background:
I had a working Proxmox setup with a single NIC, on static IP 192.168.0.105 and the gateway 192.168.0.1 (gateway is another physical box running PfSense on VMWare Esxi but should have no bearing)

Now: I recently added a second NIC, however now although all VMs and LXCs can ping the gateway and have internet access, dns etc, the Proxmox host itself can no longer ping the gateway, or external IP like 8.8.8.8 and in turn can't get updates etc. It can however ping othe VM's, LXCs and other machines on the subnet. Totally baffled.


root@pve:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet manual

auto enp3s0
iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.105
        netmask  24
        gateway  192.168.0.1
        bridge-ports enp1s0 enp3s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094


root@pve:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast master vmbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 44:8a:5b:a2:25:96 brd ff:ff:ff:ff:ff:ff
3: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether 68:05:ca:0a:7e:eb brd ff:ff:ff:ff:ff:ff
4: wlp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 80:86:f2:67:04:30 brd ff:ff:ff:ff:ff:ff
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 68:05:ca:0a:7e:eb brd ff:ff:ff:ff:ff:ff
8: tap302i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether b2:28:8a:55:cd:9e brd ff:ff:ff:ff:ff:ff
9: tap301i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 86:f4:eb:c7:6e:ce brd ff:ff:ff:ff:ff:ff
11: veth101i0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP mode DEFAULT group default qlen 1000
    link/ether fe:b3:4f:2a:8b:56 brd ff:ff:ff:ff:ff:ff link-netnsid 1
12: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 16:08:9d:72:e4:ff brd ff:ff:ff:ff:ff:ff
13: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:49:3d:dc:ef:20 brd ff:ff:ff:ff:ff:ff
14: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP mode DEFAULT group default qlen 1000
    link/ether 16:08:9d:72:e4:ff brd ff:ff:ff:ff:ff:ff
16: veth401i0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP mode DEFAULT group default qlen 1000
    link/ether fe:32:05:29:aa:cb brd ff:ff:ff:ff:ff:ff link-netnsid 0


root@pve:~# ip route
default via 192.168.0.1 dev vmbr0 onlink 
192.168.0.0/24 dev vmbr0 proto kernel scope link src 192.168.0.105

wolfgang · Jan 27, 2020

Hi,

If you give a vmbridge two nics and connect it to one switch you get a network loop.
A vmbr is a virtual switch. But there is no STP or RSTP enabled in the default configuration.

Why do you us two nics?

hipitihop · Jan 27, 2020

wolfgang said:
Hi,

If you give a vmbridge two nics and connect it to one switch you get a network loop.
A vmbr is a virtual switch. But there is no STP or RSTP enabled in the default configuration.

Why do you us two nics?

Clearly I understand networking enough to be dangerous, so I'm still processing what you are saying. I'm not sure what STP, RSTP is about so I have some homework to do, but to answer your immediate question:

The reason I installed a second NIC into the Proxmox box is because I want to transition from my current VMWare Esxi with PfSense on another box (my current main router/firewall) to having that box run Proxmox. But as an interim I was going to run up PfSense on this machine, get it working, then I could blow away the VMWare EsXi and run up ProxMox on it. The second reason, is Proxmox docs suggest second dedicated NIC for migrating VMs between nodes etc. So I thought as first step, install a second NIC

wolfgang · Jan 27, 2020

STP and RSTP see https://en.wikipedia.org/wiki/Spanning_Tree_Protocol

I don't get a clear picture of your network topology, which would important for further recommendations.
I the second nic connected to the ESXi server?

hipitihop · Jan 27, 2020

wolfgang said:
STP and RSTP see https://en.wikipedia.org/wiki/Spanning_Tree_Protocol

I don't get a clear picture of your network topology, which would important for further recommendations.
I the second nic connected to the ESXi server?

Neither of the Proxmox NICs is directly attached to the ESXi server, only via hardware switch. I have tried the second NIC connected to the switch and not, and in both cases, Proxmox host cannot see the gateway or the outside world, while any VM's & LXCs on Proxmox can see both. While the first NIC continues to give access to Proxmox and provides internet etc to the guest VMs.

I understand seeing the topology would make recommendations easier for you. I'm not sure how best to describe the topology but here goes:

1. Host 1: [ESXi host/pfsense] with 2 NICs. NIC 1 -> Internet model i.e. WAN, the other to LAN via switch sub-net 192.168.0.0/24 PFsense is the gateway @ 192.168.0.1
2, Host 2: Proxmox with 2 NICs. Nic 1 connected to second switch on same sub-net static IP 192.168.0.105. Before Nic 2 was introduced. Everything worked, Proxmox host and all VM's. Once I added the second NIC, if it is connected to the the switch or not, Proxmox cannot ping the gateway or see the outside world, only guests can.

Not sure if that helps. I appreciate your time to try and help me resolve this. I apologise for not using the right terminology or poorly describing my topology.

Regards Denis

hipitihop · Jun 7, 2020

wolfgang said:
STP and RSTP see https://en.wikipedia.org/wiki/Spanning_Tree_Protocol

I don't get a clear picture of your network topology, which would important for further recommendations.
I the second nic connected to the ESXi server?

Resurrecting this thread since the problem continues. All Proxmox guests can see anything on the LAN and can get out to WAN. The proxmox host, cannot ping the gateway on 192.168.0.1 or anything on WAN. Cannot ping intet IPs or resolve DNS so in turn cannot do updates.

I'm baffled and would appreciate anyone with the magic incantation to resolve this.

What has changed since the original report:
- I understand why having 2 nics connected to same switch would cause a loop.
- I have replaced old router with a dedicated box 6 port box running OPNSense not virtualised.
- The enp1s0 nic on Proxmox is connected to switch on same subnet as new router.
- New router is still the WAN gateway 192.168.0.1 for all machines virtual/physical on my LAN 192.168.0.x
- On the Promox box, while the physical second nic remains, it is not wired to anything and I have removed the autostart configuration for it and removed it from the bridge.

Code:

cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet manual

iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.105
        netmask  24
        gateway  192.168.0.1
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0

Code:

root@pve:~# ip route show
default via 192.168.0.1 dev vmbr0 onlink 
192.168.0.0/24 dev vmbr0 proto kernel scope link src 192.168.0.105

Code:

root@pve:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 44:8a:5b:a2:25:96 brd ff:ff:ff:ff:ff:ff
3: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 68:05:ca:0a:7e:eb brd ff:ff:ff:ff:ff:ff
4: wlp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 80:86:f2:67:04:30 brd ff:ff:ff:ff:ff:ff
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 68:05:ca:0a:7e:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.105/24 brd 192.168.0.255 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::6a05:caff:fe0a:7eeb/64 scope link 
       valid_lft forever preferred_lft forever
7: veth401i0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:60:35:89:89:97 brd ff:ff:ff:ff:ff:ff link-netnsid 0
8: tap302i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 56:5a:8b:90:0c:a5 brd ff:ff:ff:ff:ff:ff
9: tap301i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether a6:0f:38:fb:66:ac brd ff:ff:ff:ff:ff:ff
11: veth101i0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether fe:95:76:64:1d:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 1
12: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4a:bf:6a:50:9b:6b brd ff:ff:ff:ff:ff:ff
13: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 9e:3e:df:1b:63:53 brd ff:ff:ff:ff:ff:ff
14: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether 4a:bf:6a:50:9b:6b brd ff:ff:ff:ff:ff:ff

Code:

root@pve:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.105 pve.pond pve

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

drklsn · May 2, 2022

hipitihop said:

Resurrecting this thread since the problem continues. All Proxmox guests can see anything on the LAN and can get out to WAN. The proxmox host, cannot ping the gateway on 192.168.0.1 or anything on WAN. Cannot ping intet IPs or resolve DNS so in turn cannot do updates.

I'm baffled and would appreciate anyone with the magic incantation to resolve this.

What has changed since the original report:
- I understand why having 2 nics connected to same switch would cause a loop.
- I have replaced old router with a dedicated box 6 port box running OPNSense not virtualised.
- The enp1s0 nic on Proxmox is connected to switch on same subnet as new router.
- New router is still the WAN gateway 192.168.0.1 for all machines virtual/physical on my LAN 192.168.0.x
- On the Promox box, while the physical second nic remains, it is not wired to anything and I have removed the autostart configuration for it and removed it from the bridge.

Code:

cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet manual

iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address  192.168.0.105
        netmask  24
        gateway  192.168.0.1
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0

Code:

root@pve:~# ip route show
default via 192.168.0.1 dev vmbr0 onlink
192.168.0.0/24 dev vmbr0 proto kernel scope link src 192.168.0.105

Code:

root@pve:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 44:8a:5b:a2:25:96 brd ff:ff:ff:ff:ff:ff
3: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 68:05:ca:0a:7e:eb brd ff:ff:ff:ff:ff:ff
4: wlp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 80:86:f2:67:04:30 brd ff:ff:ff:ff:ff:ff
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 68:05:ca:0a:7e:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.105/24 brd 192.168.0.255 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::6a05:caff:fe0a:7eeb/64 scope link
       valid_lft forever preferred_lft forever
7: veth401i0@if6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:60:35:89:89:97 brd ff:ff:ff:ff:ff:ff link-netnsid 0
8: tap302i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 56:5a:8b:90:0c:a5 brd ff:ff:ff:ff:ff:ff
9: tap301i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether a6:0f:38:fb:66:ac brd ff:ff:ff:ff:ff:ff
11: veth101i0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether fe:95:76:64:1d:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 1
12: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4a:bf:6a:50:9b:6b brd ff:ff:ff:ff:ff:ff
13: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 9e:3e:df:1b:63:53 brd ff:ff:ff:ff:ff:ff
14: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether 4a:bf:6a:50:9b:6b brd ff:ff:ff:ff:ff:ff

Code:

root@pve:~# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.105 pve.pond pve

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

Were you ever able to resolve this? I am having the same issue. All VMs are able to ping internet and gateway. However, Proxmox itself is unable to ping gateway or internet. Proxmox is able to ping VMs and other network devices, though.

Search

Search

Proxmox host can't ping gateway or external ip

hipitihop

Member

Attachments

wolfgang

Proxmox Retired Staff

hipitihop

Member

wolfgang

Proxmox Retired Staff

hipitihop

Member

hipitihop

Member

drklsn

Member