Proxmox shell isn't getting DNS

E

ericcl

New Member
Jan 3, 2024
4
0
1
New to proxmox, but I know non-virtualized networking and Linux quite well. I have a CS degree but I'm a developer, not a network engineer. I'm used to laying out ethernet with physical switches connected to dedicated ports and all that. Been reading the forums and watching videos to get set up. I'm mostly there.

I have a new 4-NIC mini pc (32GB RAM/1TB NVME) connected to my ISP modem/router box. My ISP does not allow users to modify settings on their box. I can't even see the dashboard. They granted me one favor by bridging ETH1 so that my box can pull the IP address. I don't use their wifi or plug into any other ports on their box. This has worked for 5 years using Tomato routers as well as a Google Home Wifi mesh.

The first NIC is configured to pull the IP from the ISP into enp2s0/vmbr0. That seems to be working.

The second NIC at enp3s0/vmbr2 is configured to go an opnsense VM and out to a TP-Link SG108PE to serve the LAN. On the LAN, I have ethernet to my office, 2 TP-Link POE EAP610s going to ends of the house, and one POE EAP610 outdoor model up on my antenna mast. All are working and I can log into their admin screens.

So far, so good. All the devices on the LAN can access the network.

My problem is I can't access the internet from the proxmox shell. I can ping some IP addresses, like 8.8.8.8 and 1.1.1.1. The DNS comes through with what I believe to be my ISP's DNS server (199.73.103.190). The proxmox admin screen shows their DNS address and 8.8.8.8 for the backup. I cannot ping the ISP DNS server from the shell. If I try to ping the ISP gateway, I get a message: ping: Do you want to ping broadcast? Then -b. If not, check your local firewall rules

When I issue "ip a show vmbr0", I show the what I assume is my ISP-assigned IP address. However, when I go to sites that show your IP address, it's on an adjacent subnet assigned to my ISP. I'm not sure how to verify which is correct, since I can't see their modem dashboard.

FWIW, my LAN is on 192.168.3.X because my ISP modem assigns every address in 192.168.1.X and won't make the config change to limit assignment to a subset of the subnet.

I have a dynamic IP, but I have previously paid for a static IP from the ISP. They charge $10/month and if it helps get me going, I'll happily pay it.

/etc/network/interfaces
Code: 
auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet dhcp
iface enp3s0 inet manual
iface enp4s0 inet manual
iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
#ETH0 - WAN

iface wlp6s0 inet manual

auto vmbr2
iface vmbr2 inet static
        address 192.168.3.1/24
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#ETH1 - LAN

/etc/hosts
Code: 
127.0.0.1 localhost.localdomain localhost
192.168.3.1 pve.cloud pve
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

ip address
Code: 
root@pve:~# [B]ip a show enp2s0[/B]
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:85 brd ff:ff:ff:ff:ff:ff
root@pve:~# [B]ip a show vmbr0[/B]
7: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:85 brd ff:ff:ff:ff:ff:ff
    inet 199.116.92.80/24 brd 199.116.92.255 scope global dynamic vmbr0
       valid_lft 3247sec preferred_lft 3247sec
    inet6 fe80::aab8:e0ff:fe00:8d85/64 scope link
       valid_lft forever preferred_lft forever
root@pve:~# [B]ip a show enp3s0[/B]
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr2 state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:86 brd ff:ff:ff:ff:ff:ff
root@pve:~# [B]ip a show vmbr2[/B]
8: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 scope global vmbr2
       valid_lft forever preferred_lft forever
    inet6 fe80::aab8:e0ff:fe00:8d86/64 scope link
       valid_lft forever preferred_lft forever

Another issue that I haven't addressed yet is devices on the LAN seem to have a delay when connecting to the internet. I wonder if it's another case of the ISP DNS server being unreachable. I can't ping the ISP DNS from a wired Windows PC or a Linux box that is also wired. opnsense is set up to use AdGuardHome, Cloudflare, and Quad9 for DNS.

Appreciate any clues!
 
Last edited:
On your Proxmox host can you run these commands then send the output?

code_language.shell: 
cat /etc/resolv.conf

dig google.com @1.1.1.1

dig google.com @199.73.103.190
 
coremed said:
On your Proxmox host can you run these commands then send the output?

code_language.shell: 
cat /etc/resolv.conf

dig google.com @1.1.1.1

dig google.com @199.73.103.190
Click to expand...

Hi coremed. Thanks for the reply.

cat /etc/resolv.conf
Code: 
domain xstreamservices.com
search xstreamservices.com
nameserver 199.73.103.190
nameserver 8.8.8.8

dig google.com @1.1.1.1
Code: 
; <<>> DiG 9.18.12-1-Debian <<>> google.com @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64816
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             116     IN      A       173.194.67.100
google.com.             116     IN      A       173.194.67.101
google.com.             116     IN      A       173.194.67.102
google.com.             116     IN      A       173.194.67.113
google.com.             116     IN      A       173.194.67.139
google.com.             116     IN      A       173.194.67.138

;; Query time: 8 msec
;; SERVER: 1.1.1.1#53(1.1.1.1) (UDP)
;; WHEN: Wed Jan 03 11:42:32 CST 2024
;; MSG SIZE  rcvd: 135

dig google.com @199.73.103.190
Code: 
;; communications error to 199.73.103.190#53: timed out

I've since made a call to my ISP to see about reinstating my static IP address. I'll make sure that is the correct DNS address. I didn't type that in, it's getting pulled from the modem or upstream DHCP server.
 
Last edited:
A bit of followup. My ISP restored my static IP. After a reboot, "ip a" shows the change. I can still browse the internet from the LAN, but can't access the internet from proxmox shell.

In fact, after applying my static IP and rebooting, I can't ping known IP addresses any longer. There's got to be a setting that I'm missing.
 
After getting my static IP restored and making some changes, there are some slightly different values on things. Also, I guess I had to wait for my post to be approved by the mods, since I'm a new account. So, I hope you'll forgive me for bumping the thread one time.

Since my previous post, I've been reading every post here and on the Reddit sub related to "proxmox host" and "network is unavailable" or "network unreachable". None of the suggestions has help. I added vmbr1, assigned it to ETH2, gave a static local address, and plugged it in to the switch. I'd read that adding a new bridge solved certain problems. I don't like changing out parts without knowing why, but I'm a bit frustrated now. Anyway, to no great surprise, it's effectively an alias of vmbr2 and entering 192.168.3.3:8006 now also brings me to the proxmox GUI.

I've held off doing anything in opnsense until I know for a fact that proxmox is working correctly. I'll eventually get around to learning about VLANs and running containers for stuff like pihole, nextcloud, etc.

/etc/network/interfaces

Code: 
auto lo
iface lo inet loopback

auto enp2s0
iface enp2s0 inet manual

auto enp3s0
iface enp3s0 inet manual

auto enp4s0
iface enp4s0 inet manual
iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
        dns-nameserver 199.73.103.190
        dns-nameserver 1.1.1.1
        dns-nameserver 9.9.9.9
#ETH0 - WAN

iface wlp6s0 inet manual

auto vmbr2
iface vmbr2 inet static
        address 192.168.3.1/24
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#ETH1 - LAN

auto vmbr1
iface vmbr1 inet static
        address 192.168.3.3/24
        bridge-ports enp4s0
        bridge-stp off
        bridge-fd 0
#ETH2 - Proxmox WAN access

/etc/hosts
Code: 
127.0.0.1 localhost.localdomain localhost
192.168.3.1 pve.cloud pve
192.168.3.3 proxmox-out
199.173.102.112 wan-interface

# The following lines are desirable for IPv6 capable hosts

::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

ip addr

Code: 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:85 brd ff:ff:ff:ff:ff:ff
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr2 state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:86 brd ff:ff:ff:ff:ff:ff
4: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:87 brd ff:ff:ff:ff:ff:ff

7: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:85 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::aab8:e0ff:fe00:8d85/64 scope link
       valid_lft forever preferred_lft forever
8: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.1/24 scope global vmbr2
       valid_lft forever preferred_lft forever
    inet6 fe80::aab8:e0ff:fe00:8d86/64 scope link
       valid_lft forever preferred_lft forever
9: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a8:b8:e0:00:8d:87 brd ff:ff:ff:ff:ff:ff
    inet 192.168.3.3/24 scope global vmbr1
       valid_lft forever preferred_lft forever
    inet6 fe80::aab8:e0ff:fe00:8d87/64 scope link
       valid_lft forever preferred_lft forever

cat /etc/resolv.conf

Code: 
domain xstreamservices.com
search xstreamservices.com
nameserver 1.1.1.1
nameserver 9.9.9.9
nameserver 199.73.103.190

ip route

Code: 
192.168.3.0/24 dev vmbr2 proto kernel scope link src 192.168.3.1
192.168.3.0/24 dev vmbr1 proto kernel scope link src 192.168.3.3

This one is a bit interesting to me. Before adding the vmbr1, there was a line and I forget exactly what it said, but it was something like default via 199.73.102.0. I had manually modified /etc/network/interfaces to put the WAN static IP into enp2s0 (ETH0). The proxmox GUI doesn't like that configuration, so I removed it.

I really think this is a routing issue of some sort. Beer's on me for whomever can get me moving forward.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom