PVE SDN can't pass DHCP to VM in VM? (cascade virtual machine)

upve

PVE host on bare metal <---in--- PVE vm <--in-- Ubuntu

So, PVE vm can get IP address from SDN DHCP which is enabled on PVE host on bare metal.

However, Ubuntu which is running in PVE vm can't get IP address from PVE host on bare metal.

Firewall configured correctly on PVE host on bare metal. Firewall disabled on PVE vm at datacenter level.
 
Same with me. I was going to create a thread for this, lucky you already opened it.

For me, I am using PNET LAB inside Proxmox VE. The VM on Proxmox can get the DHCP on the Proxmox SDN, but not the nested VM. I tried to set static address pointing to Proxmox SDN as gateway, it works and can ping to the internet. But not on DHCP.

I was thinking maybe this had to do with promiscuous mode, or proxy ARP or something like that, but I don't know the details.
 
Same here, manually assigned IP address within the DHCP range from PVE SDN with SNAT enabled, internet connection worked.

However, can't get IP address from PVE SDN DHCP server.
 
I found these lines in proxmox networking logs. Surely they got ignored.

Nov 10 12:04:45 pve dnsmasq-dhcp[754096]: DHCPDISCOVER(isolate) 00:50:79:66:68:01 ignored
Nov 10 12:04:46 pve dnsmasq-dhcp[754096]: DHCPDISCOVER(isolate) 00:50:79:66:68:01 ignored
Nov 10 12:04:49 pve dnsmasq-dhcp[754096]: DHCPDISCOVER(isolate) 00:50:79:66:68:01 ignored

After hours of investigation and ChatGPT-ing, I have found the solution.

Basically, you need to alter the dnsmasq configuration for your selected Vnets or Zones.

To do so, first you need to disable the line dhcp-ignore=tag:!known by commenting the line with the hashtag like so # dhcp-ignore=tag:!known in the file /etc/dnsmasq.d/<your vnets@zone folder>/00-default.conf.

What the line does? ChatGPT replied to me with this answer:
  • This line tells dnsmasq to ignore DHCP requests from clients that are not known (not listed in the ethers file, which is typically used to map MAC addresses to specific IP addresses).
  • If the MAC address of a client (e.g., the nested VM) is not listed in the dhcp-hostsfile (/etc/dnsmasq.d/isolate/ethers), its DHCP requests will be ignored.

After disabling the dhcp-ignore, you need to change the dhcp-range configuration on 10-<your vnets@zone name>.conf. This is because the default configuration is giving the static IP from the Proxmox SDN configuration. To do so, change the line dhcp-range from the file:

dhcp-option=tag:<vnets@zone name>-192.168.x.0-24,option:router,192.168.x.1
dhcp-option=tag:<vnets@zone name>-192.168.x.0-24,option:dns-server,8.8.8.8
dhcp-range=set:<vnets@zone name>-192.168.x.0-24,192.168.x.0,static,255.255.255.0,infinite

Please take note at the line 192.168.x.0,static. Change it like so 192.168.x.2,192.168.x.254. What this does is, we are stating the start IP address and the last of IP address to give out. So basically, we are giving the IP range starting from 192.168.x.2 till 192.168.x.254. You might want to change this accordingly to your environment.

Last but not least, restart the service by entering this command systemctl restart dnsmasq@<your vnets@zone name>. If you are not sure on the vnets or zone name, you can press Tab so it will populate the list you currently have.

However, I have not yet tried to re-apply the SDN configuration on the WebUI. My concern is that this will overwrite the configuration you edited. Let me know if it is reverted back to the default Proxmox SDN configuration.
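An added example, not part of the original post and not Proxmox code: a check that reports whether a dnsmasq config directory still limits leases to known MACs or hands them to any client on the vnet, plus the two edits from the post applied to a scratch copy. The vnet name, subnet and sample file contents are constructed; only the zone name "isolate" and the file naming come from the thread.

```shell
#!/bin/sh
# Added example (not Proxmox code). Works on a scratch copy, never on /etc/dnsmasq.d.

# Report which DHCP behaviour a dnsmasq config directory currently has:
#   known-only   dhcp-ignore=tag:!known is active; only listed MACs get a lease
#   open-no-pool ignore rule gone, but every dhcp-range is still "static"
#   open-pool    ignore rule gone and a dynamic range exists; any MAC gets a lease
dhcp_mode() {
    if grep -Eqs '^[[:space:]]*dhcp-ignore=tag:!known' "$1"/*.conf; then
        echo known-only
    elif grep -Ehs '^[[:space:]]*dhcp-range=' "$1"/*.conf | grep -Evq ',static(,|$)'; then
        echo open-pool
    else
        echo open-no-pool
    fi
}

# Apply the two edits from the post: comment out the ignore rule and replace
# "<network>,static" with a first,last pool in every 10-*.conf.
apply_change() {   # usage: apply_change DIR FIRST_IP LAST_IP
    for f in "$1"/00-default.conf "$1"/10-*.conf; do
        [ -f "$f" ] || continue
        sed -e 's/^[[:space:]]*dhcp-ignore=tag:!known/# &/' \
            -e "s/^\(dhcp-range=set:[^,]*\),[^,]*,static,/\1,$2,$3,/" "$f" > "$f.tmp"
        mv "$f.tmp" "$f"
    done
}

# Constructed sample mirroring the layout quoted in the post (zone name "isolate"
# comes from the log lines above; vnet name and subnet are made up).
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'dhcp-ignore=tag:!known' \
        'dhcp-hostsfile=/etc/dnsmasq.d/isolate/ethers' > "$d/00-default.conf"
    printf '%s\n' \
        'dhcp-option=tag:isolate-192.168.10.0-24,option:router,192.168.10.1' \
        'dhcp-range=set:isolate-192.168.10.0-24,192.168.10.0,static,255.255.255.0,infinite' \
        > "$d/10-vnet0.conf"
    echo "$d"
}

d=$(make_sample)
echo "before: $(dhcp_mode "$d")"
apply_change "$d" 192.168.10.2 192.168.10.254
echo "after:  $(dhcp_mode "$d")"
rm -rf "$d"
```

Running `dhcp_mode` against the real zone directory after an SDN re-apply shows whether the edits were reverted; a result of `open-pool` also means every device bridged onto that vnet can obtain a lease, not only the MACs Proxmox registered.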
 
Haven't tried yet, but seems promising. I'd prefer the Proxmox team to add such a feature, as this might be one of the most frequent issues people will hit.
Otherwise, it seems that using a simple DHCP server as a VM will be way easier and less trouble. The SDN feature and function is somewhat incomplete at this stage, it seems to me.
 
You are correct. I have already asked on a lot of forums, most of them suggesting to use a firewall VM such as pfSense, OPNsense or Sophos to handle the DHCP and access list.

Proxmox iptables are really buggy.
 