Proxmox VE 8.2.2 can connet to the lan, but VM not

[narajujo]

first of all, Hi to everyone, i'm brand new on Proxmox, installed brand new for the first time a week ago and since then I browsed guides and forum threads for being able to configure the networking in the correct way.

at first nothing was working and I was struggling with a keyboard and screen on phisical server, but after some time I was able (thanks to this forum and other guides) to have the server connecting the lan.

My actual problem is that every VM I create on the system seems to be unable to connect to the network. I cannot even ping the proxmox static IP, or the default gateway.

from what I read in the other post it will be good to add some more information about the system, and about the configuation so here they are:

phisical PFsense firewall is connected to the internet, ProxMox VE is connected by the ENO1 port to the OPT2 port of the firewall and routed to the WAN (I can connecto to the internet from proxmox)

here the content of /etc/network/interfaces file of proxmox server:

auto lo
iface lo inet loopback

iface eno1 inet manual

iface eno2 inet manual

iface eno3 inet manual

iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
        address 172.168.0.200/24
        gateway 172.168.0.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

on both Proxmox server and VM the firewall is disabled, i've disabled it at server level to check if it was a firewall fautl



from the VM I can't ping anything, not even the proxmox server or the gateway. full log enabled on the pfsense firewall (that's before the proxmox server) doesn't show any traffic.

here the VM network configuration:


any ping to the gw or the proxmox server return in a 100% packet loss, and no log on the FW are present.

any help will be appreciated!

 

[lucaschoeneberg]

Since you mentioned VLAN awareness, ensure that the VMs are properly configured to use VLANs if necessary. You might need to tag VLANs in your VM configuration. Navigate to: VM -> Hardware -> Network Device.

Additionally, how does the configuration of the firewall look? Are all routes configured correctly?

Could you provide us with a picture of the network interface configuration (VM and FW)?

 

[narajujo]

Since you mentioned VLAN awareness, ensure that the VMs are properly configured to use VLANs if necessary. You might need to tag VLANs in your VM configuration. Navigate to: VM -> Hardware -> Network Device.

Additionally, how does the configuration of the firewall look? Are all routes configured correctly?

Could you provide us with a picture of the network interface configuration (VM and FW)?

thanks Lucas,

this is the VM network device configuration:


proxmox server interface configuration (this is not the FW, that stay on top of this machine) as you can see the vmbr0 has the 172 gatewat that's the FW. from this machine I can connecto to internet and other machine within the LAN (for now FW has no rule other that PASS. i've enabled logging on pass rule, and I see traffic when I ping something from this machine to the network



forewall Network structure


VM machine network configuration is static ip 172.168.0.30 with the firewall working as the gateway (I tried also with the proxmox static ip, with same result):

 

[lucaschoeneberg]

I see that your vmbr configuration does not include VLAN tagging. This suggests that the connection would work if you remove the VLAN tag from your VM. However, if you intended to connect multiple networks, including VLANs, to Proxmox via a trunk, it is important to have the correct configuration on both the firewall and Proxmox.

Suggestion: Try removing the VLAN tag from the VM and see if you can establish a connection.

Additionally, I have attached our configuration for you. We use LACP (Link Aggregation Control Protocol) to provide both a trunk and a bond between two fiber connections. It might make sense to create a vmbr that receives VLANs and then apply another interface on top of it. This is how we do it:

auto bond0
iface bond0 inet manual
        bond-slaves enp68s0f2 enp68s0f3
        bond-miimon 100
        bond-mode 802.3ad

auto vmbr1
iface vmbr1 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#LACP Trunk

auto mgnt
iface mgnt inet static
        address 10.100.0.22/24
        gateway 10.100.0.1
        vlan-id 90
        vlan-raw-device bond0
#Management

 

[narajujo]

I see that your vmbr configuration does not include VLAN tagging. This suggests that the connection would work if you remove the VLAN tag from your VM. However, if you intended to connect multiple networks, including VLANs, to Proxmox via a trunk, it is important to have the correct configuration on both the firewall and Proxmox.

Suggestion: Try removing the VLAN tag from the VM and see if you can establish a connection.

Additionally, I have attached our configuration for you. We use LACP (Link Aggregation Control Protocol) to provide both a trunk and a bond between two fiber connections. It might make sense to create a vmbr that receives VLANs and then apply another interface on top of it. This is how we do it:

auto bond0
iface bond0 inet manual
        bond-slaves enp68s0f2 enp68s0f3
        bond-miimon 100
        bond-mode 802.3ad

auto vmbr1
iface vmbr1 inet manual
        bridge-ports bond0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#LACP Trunk

auto mgnt
iface mgnt inet static
        address 10.100.0.22/24
        gateway 10.100.0.1
        vlan-id 90
        vlan-raw-device bond0
#Management

yes, it was the vlan tag, I've removed it from configuration and now i'm able to reach the gateway! thanks a lot!