[SOLVED] [PVE5] Internet on VM but not to ProxMox host

[Name]

Hi all,

I've installed ProxMox VE 5 into a computer with 2 ethernet card, 1 is connected to my FreeBox (router Off) : enp1s0 ; the second to my local switch hub enp2s0.

I have a pfSense VM for firewall configuring with vmbr0->enp1s0 and vmbr1->enp2s0.

I have internet under my computer connecting toi the hub and under pfSense ; but my ProxMox host don't.

/etc/network/interfaces :

auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet dhcp

iface enp2s0 inet manual

auto vmbr0
iface vmbr0 inet manual
bridge_ports enp1s0
bridge_stp off
bridge_fd 0

auto vmbr1
iface vmbr1 inet static
address 192.168.1.254
netmask 255.255.255.0
bridge_ports enp2s0
bridge_stp off
bridge_fd 0

auto vmbr2
iface vmbr2 inet static
address 191.168.1.254
netmask 255.255.255.0
bridge_ports DMZ
bridge_stp off
bridge_fd 0

Is it possible for my ProxMox host to connect internet throw the vmbr1 (connect to LAN interface of my pfsense) ?

Regards

 

[udo]

Hi,
use the right default gateway.

Udo

 

[Name]

I dont know how to find the Gateway, I turn off my FreeBox router so my public IP is directly input to the WAN of pfSense.
I share with you a scheme of my Home lab :

 

[udo]

Hi,
if you use as default-gw 192.168.1.1 (on vmbr1) all traffic (except for 10.0.0.0/24) will be routed through your pfsense-vm (if i read the ips on the pic right).

Use firewall rules to allow the dns-access (look at /etc/resolv.conf) and the outgoing pve-access.

Udo

 

[Name]

Ok, so I'll set the pfSense Gateway to the ProxMox host /etc/resolv.conf :

domain WORKGROUP
search WORKGROUP
nameserver 192.168.1.1

And I'll create a pfSense rules to allow port 53 from LAN to anywhere

ProxMox host : /etc/network/interfaces

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage part of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface enp1s0 inet manual
#Internet

iface enp2s0 inet manual
#Réseau local

auto vmbr0
iface vmbr0 inet manual
bridge_ports enp1s0
bridge_stp off
bridge_fd 0
#WAN

auto vmbr1
iface vmbr1 inet static
address 192.168.1.254
netmask 255.255.255.0
bridge_ports enp2s0
bridge_stp off
bridge_fd 0
#LAN

auto vmbr2
iface vmbr2 inet static
address 10.0.0.254
netmask 255.255.255.0
bridge_ports DMZ
bridge_stp off
bridge_fd 0
#Carte réseau virtuelle pour la DMZ

After rebooting ProxMox I'll try a ping on Google and get the following :

# ping www.google.fr
connect: Network is unreachable

And the result for ifconfig on ProxMox host gave the following :

enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 9a:9c:de:26:62:5e txqueuelen 1000 (Ethernet)
RX packets 65730 bytes 90853020 (86.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38048 bytes 3158366 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 4e:03:cf:3d:a5:c1 txqueuelen 1000 (Ethernet)
RX packets 41039 bytes 4366256 (4.1 MiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 70498 bytes 98086586 (93.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Boucle locale)
RX packets 2494 bytes 949898 (927.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2494 bytes 949898 (927.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tap100i0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
ether a6:7b:1e:e6:0a:2c txqueuelen 1000 (Ethernet)
RX packets 38035 bytes 2972338 (2.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65735 bytes 90853378 (86.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tap100i1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
ether 32:85:bd:0b:c1:5b txqueuelen 1000 (Ethernet)
RX packets 68975 bytes 96769318 (92.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 38970 bytes 3569159 (3.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tap100i2: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
ether 66:31:a3:e0:4c:e2 txqueuelen 1000 (Ethernet)
RX packets 4 bytes 388 (388.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 600 (600.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vmbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::2ec:acff:fecf:1410 prefixlen 64 scopeid 0x20<link>
ether 9a:9c:de:26:62:5e txqueuelen 1000 (Ethernet)
RX packets 10 bytes 884 (884.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1006 (1006.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vmbr1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.254 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::2ec:acff:fecf:1411 prefixlen 64 scopeid 0x20<link>
ether 4e:03:cf:3d:a5:c1 txqueuelen 1000 (Ethernet)
RX packets 2354 bytes 806524 (787.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1406 bytes 1302437 (1.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vmbr2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.254 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::7841:4dff:feea:c6b1 prefixlen 64 scopeid 0x20<link>
ether 66:31:a3:e0:4c:e2 txqueuelen 1000 (Ethernet)
RX packets 4 bytes 332 (332.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1256 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

 

[udo]

Hi,
unfortunality you don't show your default gateway...

ip route

Udo

 

[Name]

Sorry for my late reply : the result is :

#ip route
192.168.1.0/24 dev vmbr1 proto kernel scope link src 192.168.1.254

when I restart ProxMox, all VM have internet connection, but not proxmox :

#ping 8.8.8.8
connect: The network is unreachable

when I execute dhclient on proxmox, I lost internet connection on the VM, but get ping 8.8.8.8 working but not ping on DNS www.google.fr.
If I execute ip route after the dhclient command I got (if I remember) the following

default 82.235.128.254
192.168.1.0/24
82.235.128.0/24

I've disabled my Box router function so I get my public IP directly on the ethernet connection

 

[Jarek]

Add default gateway to Proxmox:

#ip route add default via 192.168.1.1

 

[Name]

I'm so happy, it's work fine, and the traffic from ProxMox is throw my pfSense.
I really want to kiss you

 

[Sheyk87]

Hi from argentina!
I've Proxmox VE 7.0 and hasn't internet on host (The VM and CT yes have internet!)

My config:

ip route
default via 10.1.1.1 dev vmbr0 proto kernel onlink
10.1.1.0/24 dev vmbr0 proto kernel scope link src 10.1.1.229

cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eno2
iface eno2 inet static
    address 10.1.1.229
    netmask 255.255.255.0
        gateway 10.1.1.1
    network 10.1.1.0
        broadcast 10.1.1.255

iface eno1 inet manual

iface eno3 inet manual

iface eno4 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.1.1.229/24
    gateway 10.1.1.1
    bridge-ports eno2
    bridge-stp off
    bridge-fd 0

 ls -al /etc/resolv.conf
-rw-r--r-- 1 root root 59 Feb 10 15:00 /etc/resolv.conf

root@pve:~# cat /etc/resolv.conf
search XXXX.XXX.XX
nameserver 8.8.8.8
nameserver 10.1.1.99

 

[littlesatno]

Hi,
How did you guys fix this?

Best regards
littelsanto

 

[bmcgonag]

Having the same issue.

# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface eno4 inet manual

iface eno3 inet manual

iface eno1 inet manual

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.10.253/24
        gateway 192.168.10.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

But when I ping google.com I get

root@aria:~# ping google.com
PING google.com (142.250.113.100) 56(84) bytes of data.
^C
--- google.com ping statistics ---
18 packets transmitted, 0 received, 100% packet loss, time 17400ms

root@aria:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
33 packets transmitted, 0 received, 100% packet loss, time 32765ms

My VMs can reach the internet, but not my Host machine, and i have no idea why.