Hi, I installed Proxmox on top of a Debian installation and after I created 4 vmbr for the 4 internal lan. I also installed NGINX to the Debian for accept https request on port 443 and forward to the Proxmox GUI port (I’ve also configured lets encrypt certificate on NGINX). Now I would configure NGINX for sending syslog log to an internal vm configured to the vmbr1. I can’t understand why Debian operating system where I installed Proxmox can’t reach internal vms connected to the vmbrX. Can someone help me? Thank you
Proxmox SO vmbr internal comunication
- Thread starter backkherozzo1985
- Start date
* Please post the network config of your proxmox node and the network config of the VM which proxmox cannot reach
* can you ping the vm?
* do you have a firewall enabled?
* can the vm reach the internet its gateway?
* can you ping the vm?
* do you have a firewall enabled?
* can the vm reach the internet its gateway?
Hi, thank you for your quick answer.
This is the Proxmox interfaces config:
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
iface lo inet6 loopback
iface enp2s0 inet static
address public ip
netmask 255.255.255.224
up route add -net public broadcast ip netmask 255.255.255.224 gw public ip dev enp2s0
# route X.X.X.X/27 via X.X.X.X
auto vmbr0
iface vmbr0 inet static
address public ip
netmask 255.255.255.0
gateway public gateway
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
auto vmbr1
iface vmbr1 inet static
address 192.168.1.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
#inside LAN1
auto vmbr2
iface vmbr2 inet static
address 192.168.2.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o vmbr0 -j MASQUERADE
#inside LAN2
auto vmbr3
iface vmbr3 inet static
address 192.168.3.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
#inside LAN3
auto vmbr4
iface vmbr4 inet static
address 192.168.4.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
#inside LAN4
auto vmbr200
iface vmbr200 inet static
address 192.168.200.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '192.168.200.254/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.200.254/24' -o vmbr0 -j MASQUERAD
#wan VPN
The vm network is configured to vmbr1 and I configured the following static ip
Ip address 192.168.1.5
Netmask 255.255.255.0
Gw 192.168.1.1
I can’t ping the vm, for testing I disabled the firewall to the vm and also from Proxmox
The vm che reach vmbr gateway 192.168.1.1 and also internet
This is the Proxmox interfaces config:
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
iface lo inet6 loopback
iface enp2s0 inet static
address public ip
netmask 255.255.255.224
up route add -net public broadcast ip netmask 255.255.255.224 gw public ip dev enp2s0
# route X.X.X.X/27 via X.X.X.X
auto vmbr0
iface vmbr0 inet static
address public ip
netmask 255.255.255.0
gateway public gateway
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.1.0/24' -o vmbr0 -j MASQUERADE
auto vmbr1
iface vmbr1 inet static
address 192.168.1.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
#inside LAN1
auto vmbr2
iface vmbr2 inet static
address 192.168.2.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '192.168.2.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.2.0/24' -o vmbr0 -j MASQUERADE
#inside LAN2
auto vmbr3
iface vmbr3 inet static
address 192.168.3.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
#inside LAN3
auto vmbr4
iface vmbr4 inet static
address 192.168.4.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
#inside LAN4
auto vmbr200
iface vmbr200 inet static
address 192.168.200.0
netmask 24
bridge-ports none
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A POSTROUTING -s '192.168.200.254/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '192.168.200.254/24' -o vmbr0 -j MASQUERAD
#wan VPN
The vm network is configured to vmbr1 and I configured the following static ip
Ip address 192.168.1.5
Netmask 255.255.255.0
Gw 192.168.1.1
I can’t ping the vm, for testing I disabled the firewall to the vm and also from Proxmox
The vm che reach vmbr gateway 192.168.1.1 and also internet
Please check the reference documentation - the setup there should work: https://pve.proxmox.com/pve-docs/ch..._nat_with_span_class_monospaced_iptables_span
Things that seem odd on a first look:
* don't configure an ip on an interface which you put in a bridge (enp2s0)
* the `route` command does not make sense (even if I replace the placeholders) - you just set the link-local route again (which happens if you configure the IP and netmask in the interfaces file)
* using the .0 address of a /24 is odd - AFAIK this is the network-address, and I'm not too sure that the network stack works with that as IP - use the .1 on the node and the same address as gateway for your guests
hope this helps!
Things that seem odd on a first look:
* don't configure an ip on an interface which you put in a bridge (enp2s0)
* the `route` command does not make sense (even if I replace the placeholders) - you just set the link-local route again (which happens if you configure the IP and netmask in the interfaces file)
* using the .0 address of a /24 is odd - AFAIK this is the network-address, and I'm not too sure that the network stack works with that as IP - use the .1 on the node and the same address as gateway for your guests
hope this helps!
Hi, I modified all vmbr addresses and now I can reach internal vms from the operating system where I installed Proxmox. Before this change the default gateway of the internal networks was configured on pfsense (vm by proxmox) instead so the default gateways are the vmbr (192.168.X.1). Now this addresses are configured to the vmbr for managing internal lan as I previous configure I can change vmbr addresses for example 192.168.X.254 and maintain 192.168.X.1 as a Pfsense gateway? Thank you for your help
This should also work? (it would have helped if you mentioned that before)
just configure a different ip on the PVE-node (not the .0, .254 should work probably as well).
It would also work if you do the NAT on the pfsense..
just think of the vmbr as switches - whatever you plug in there should be able to communicate with the other ports on layer 2
make sure that you've configured the pfsense to forward ip traffic and to allow pings etc.
hope this helps!
Thank you for your support after vmbr change it seems that everythings work as expected. What function does the ip that is configured on the vmbr have? Because from the internal LAN if I try to access that from the browser I see the Proxmox GUI so I think it becomes a management ip. Thank you