kimuraops

New Member
Oct 27, 2025
Hello everyone,

I hope you are well. I am a Linux sysadmin who is using Proxmox in a DEV environment after having used VMware, and I came across this strange issue: I have 3 Proxmox bare-metal hypervisors running VMs, and the VMs can't connect to the internet but the hypervisors can.

I have the same configuration that we've installed for one of our customers, and it works, but for another project it's not the case. Can I have some help with this? Here is some information:

1761576711459.png

Server's config
1761576768078.png

1761576784745.png

Ping's OK on a Server
1761576838444.png

Config on a VM:
1761577080542.png

Ping's KO
1761577064196.png

Thanks.
 

which vmbr are the vms connected to? make sure they are connected to the correct vmbr's.

would make sense to post the proxmox VM configs, so that we can see how the vms are configured.

also what is the respective default gateway? can you ping that one on the .18 and .19 subnets?

thing is that the server routes its own traffic over vmbr17 while the vms most likely go over vmbr18 and vmbr19, so completely different nics.

try pinging the vmbr ips first, then the default gateway in those networks.
 
Hi, same configuration on each platform and vms:

1761580720048.png


The gateway is 10.10.17.254 on the host

1761580806591.png

on VM:

1761580854163.png

VM can ping 10.10.18.0/24 and 10.10.19.0/24 networks but can't ping 10.10.17.0/24

1761580953956.png

Host can ping all these subnets:

1761580997647.png

Do you need more? Thanks
 
so in one of your screenshots the 10.10.18.1 is the default gateway, not the 10.10.17.254.

can you ping the 10.10.18.1 from that respective vm?

atm it looks to me like there is no active routing between 10.10.17.0/24, 10.10.18.0/24 and 10.10.19.0/24 or it's being filtered by a firewall somewhere.

what are you using as a router?
 
Hi @beisser, here's the ping of 10.10.18.1 from the VM:
1761641237813.png

We are using a Cisco NGFW 1120 Firepower as router/firewall
 
good, that means the default gateway for the vm is pingable.
can you confirm that the 10.10.18.1 is an ip-address on an interface of your router?
if yes, there is either no routing configured on that router for the 18 and 19 subnet, or you are blocking traffic from 10.10.18.0/24 and 10.10.19.0/24 via firewall-configuration.

if this is NOT an ip-address on one of your router's interfaces then it's a configuration/design issue and whoever has designed this network needs to have a look at it and correct the mess.
 
does your gateway (the cisco) have the necessary routes back to the switch?
just having them on the switch won't work.
the firewall needs to know exactly how to reach each network and also have rules permitting the respective traffic.

what you should be able to do is ping a vm on the .19 subnet from a vm on the .18 subnet. that should work without the firewall getting involved.

also your routes look weird to me.
i don't understand the purpose of these remote routes other than the 0.0.0.0 default route.
if your switch does the vlan routing, then the only route it would need is the default route leading to the cisco firewall.
that is some really weird network config you have there.