[SOLVED] Removed bridge port interface - Proxmox unable to connect to internet?

[rtorres]

Hello all,

When I first configured Proxmox, I bridged port eno1 and enp4s0 to be used as LAN. Like this:


Everything was working fine, however, considering I no longer was using eno1 port I decided to remove it as a 'slave' from vmbr0.



After hitting 'Apply Configuration', a window saying reloading SERV (?) kept loading and coming back up. The window never went away.

Instead of typing my custom domain, I typed in 172.22.1.10:8006 and Proxmox loaded. My custom domain that I set on pfSense using a cert was no longer working.

I kept getting a "ERR_CONNECTION_TIMED_OUT" error with my custom domain and now when I went to go check for updates on the Proxmox web GUI, it just hangs at 0% showing the server url its trying to pull updates from.

Pinging google.com doesn't work either.

I tried setting back to the original settings eno1 and enp4s0 but that didn't seem to work.

How can I get Proxmox working again? all other domains are working fine and VMs are getting internet, Proxmox is the only one having the issue.

This is the current setup in interfaces:

auto lo
iface lo inet loopback


iface enp4s0 inet manual


iface eno1 inet manual


iface enp3s0 inet manual


auto vmbr0
iface vmbr0 inet static
        address 172.22.1.10/16
        gateway 172.22.1.11
        bridge-ports enp4s0
        bridge-stp off
        bridge-fd 0
#LAN-FlexIO


auto vmbr1
iface vmbr1 inet manual
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0
#WAN-M2


source /etc/network/interfaces.d/*

Thank you!

 

[sw-omit]

could you show the result of the below commands as well?

ip a
ip r
systemctl status pveproxy
ping 172.22.1.11
ping 8.8.8.8
ping google.com

EDIT: Also, sidenote, are you sure that 1.11 is your router/gateway and not 1.1?

 

[rtorres]

could you show the result of the below commands as well?

ip a
ip r
systemctl status pveproxy
ping 172.22.1.11
ping 8.8.8.8
ping google.com

EDIT: Also, sidenote, are you sure that 1.11 is your router/gateway and not 1.1?

Thank you for replying!

I set up so that Proxmox sits on 172.22.1.10, pfSense at 172.22.1.11, UniFi Console at 172.22.1.12 and TrueNAS to 172.22.1.13.
PfSense is my gateway at 172.22.1.11

Here is ip a:

root@empve:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
    link/ether 1c:fd:08:7d:6a:dc brd ff:ff:ff:ff:ff:ff
3: enp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether c8:5a:cf:b1:b3:64 brd ff:ff:ff:ff:ff:ff
4: eno1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 7c:4d:8f:a9:be:0f brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c8:5a:cf:b1:b3:64 brd ff:ff:ff:ff:ff:ff
    inet 172.22.1.10/16 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::ca5a:cfff:feb1:b364/64 scope link
       valid_lft forever preferred_lft forever
6: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 1c:fd:08:7d:6a:dc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1efd:8ff:fe7d:6adc/64 scope link
       valid_lft forever preferred_lft forever
7: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UNKNOWN group default qlen 1000
    link/ether 86:11:3b:d4:82:5e brd ff:ff:ff:ff:ff:ff
8: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 26:b5:6b:07:fc:b7 brd ff:ff:ff:ff:ff:ff
9: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UNKNOWN group default qlen 1000
    link/ether fe:11:1a:1c:4d:9f brd ff:ff:ff:ff:ff:ff
10: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 06:3d:a8:13:8c:88 brd ff:ff:ff:ff:ff:ff

and ip r:

root@empve:~# ip r
default via 172.22.1.11 dev vmbr0 proto kernel onlink
172.22.0.0/16 dev vmbr0 proto kernel scope link src 172.22.1.10

systemctl status pveproxy:

root@empve:~# systemctl status pveproxy
● pveproxy.service - PVE API Proxy Server
     Loaded: loaded (/lib/systemd/system/pveproxy.service; enabled; preset: enabled)
     Active: active (running) since Fri 2024-09-06 02:14:29 PDT; 7h ago
    Process: 1269 ExecStartPre=/usr/bin/pvecm updatecerts --silent (code=exited, status=0/SUCCESS)
    Process: 1271 ExecStart=/usr/bin/pveproxy start (code=exited, status=0/SUCCESS)
   Main PID: 1272 (pveproxy)
      Tasks: 4 (limit: 76682)
     Memory: 208.4M
        CPU: 7.870s
     CGroup: /system.slice/pveproxy.service
             ├─1272 pveproxy
             ├─1273 "pveproxy worker"
             ├─1274 "pveproxy worker"
             └─1275 "pveproxy worker"


Sep 06 02:14:29 empve systemd[1]: Starting pveproxy.service - PVE API Proxy Server...
Sep 06 02:14:29 empve pveproxy[1272]: starting server
Sep 06 02:14:29 empve pveproxy[1272]: starting 3 worker(s)
Sep 06 02:14:29 empve pveproxy[1272]: worker 1273 started
Sep 06 02:14:29 empve pveproxy[1272]: worker 1274 started
Sep 06 02:14:29 empve pveproxy[1272]: worker 1275 started
Sep 06 02:14:29 empve systemd[1]: Started pveproxy.service - PVE API Proxy Server.

ping 172.22.1.11:

root@empve:~# ping 172.22.1.11
PING 172.22.1.11 (172.22.1.11) 56(84) bytes of data.

(Just hangs there)

ping 8.8.8.8:

root@empve:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

(Just hangs there)

ping google.com

root@empve:~# ping google.com
ping: google.com: Temporary failure in name resolution
root@empve:~#

 

[sw-omit]

Can you also try to ping both your unifi and your pc? (If your pc is windows, temporary do turn off the firewall to make sure that ping goes through correctly) also could you show your pfsense-vm config with qm config 100

It seems that your proxmox isn't able to reach your pfsense, which is what all the other problems are stemming from.

Also you probably already did (judging by the pveproxy uptime), but just in case, did you already reboot?

 

[rtorres]

Can you also try to ping both your unifi and your pc? (If your pc is windows, temporary do turn off the firewall to make sure that ping goes through correctly) also could you show your pfsense-vm config with qm config 100

It seems that your proxmox isn't able to reach your pfsense, which is what all the other problems are stemming from.

Also you probably already did (judging by the pveproxy uptime), but just in case, did you already reboot?

I was able to ping Unifi (172.22.1.12), my PC (172.22.1.22) and for an extra TrueNAS (172.22.1.13)

PING 172.22.1.12 (172.22.1.12) 56(84) bytes of data.
64 bytes from 172.22.1.12: icmp_seq=1 ttl=64 time=1.04 ms
64 bytes from 172.22.1.12: icmp_seq=2 ttl=64 time=0.456 ms
64 bytes from 172.22.1.12: icmp_seq=3 ttl=64 time=0.468 ms
64 bytes from 172.22.1.12: icmp_seq=4 ttl=64 time=0.360 ms
64 bytes from 172.22.1.12: icmp_seq=5 ttl=64 time=0.371 ms
64 bytes from 172.22.1.12: icmp_seq=6 ttl=64 time=0.452 ms
^Z
[4]+  Stopped                 ping 172.22.1.12
root@empve:~# ping 172.22.1.22
PING 172.22.1.22 (172.22.1.22) 56(84) bytes of data.
64 bytes from 172.22.1.22: icmp_seq=1 ttl=128 time=4.07 ms
64 bytes from 172.22.1.22: icmp_seq=2 ttl=128 time=6.32 ms
64 bytes from 172.22.1.22: icmp_seq=3 ttl=128 time=3.01 ms
64 bytes from 172.22.1.22: icmp_seq=4 ttl=128 time=2.67 ms
64 bytes from 172.22.1.22: icmp_seq=5 ttl=128 time=5.18 ms
64 bytes from 172.22.1.22: icmp_seq=6 ttl=128 time=3.27 ms
^Z
[5]+  Stopped                 ping 172.22.1.22
root@empve:~# ping 172.22.1.13
PING 172.22.1.13 (172.22.1.13) 56(84) bytes of data.
64 bytes from 172.22.1.13: icmp_seq=1 ttl=64 time=0.990 ms
64 bytes from 172.22.1.13: icmp_seq=2 ttl=64 time=0.504 ms
64 bytes from 172.22.1.13: icmp_seq=3 ttl=64 time=0.388 ms
64 bytes from 172.22.1.13: icmp_seq=4 ttl=64 time=0.429 ms
64 bytes from 172.22.1.13: icmp_seq=5 ttl=64 time=0.484 ms
^Z
[6]+  Stopped                 ping 172.22.1.13

Here's the pfSense qm config 100 data (MAC obscured due to pfSense + Subscription):

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Fri Sep  6 10:09:12 PDT 2024 on pts/2
root@empve:~# qm config 100
agent: 1
balloon: 0
bios: ovmf
boot:
cores: 8
cpu: host,flags=+aes
efidisk0: local-lvm:vm-100-disk-0,efitype=4m,pre-enrolled-keys=1,size=4M
localtime: 1
machine: q35
memory: 8192
meta: creation-qemu=8.1.5,ctime=1724643811
name: empfs-pfSense
net0: virtio=BC:24:XX:XX:XX:CE,bridge=vmbr1,queues=8
net1: virtio=BC:24:XX:XX:XX:60,bridge=vmbr0,queues=8
numa: 1
onboot: 1
ostype: other
scsi0: local-lvm:vm-100-disk-1,discard=on,iothread=1,size=32G,ssd=1
scsihw: virtio-scsi-single
smbios1: uuid=69d0bda0-f999-4ba8-8340-9146724b85ca
sockets: 1
startup: order=1
tablet: 0
vmgenid: 4f8c6216-d5bb-44d8-a573-439a687e2678

Last restart was last night. I cleared DHCP leases, DHCP6 leases, ARP table, NDP table thinking that was some how connected, then rebooted.

Thanks!

 

[sw-omit]

Could you, within pfsense, verify that the "lan" port is connected to the mac ending in CE?
And to check, did you enable a floating / all-interfaces line to always allow ICMP?

Also, since you can connect a different vm on the same bridge, we know that it should be possible, so either pfsense is blocking something for some reason, or there is something strange going on with that bridge.

 

[rtorres]

Could you, within pfsense, verify that the "lan" port is connected to the mac ending in CE?
And to check, did you enable a floating / all-interfaces line to always allow ICMP?

Also, since you can connect a different vm on the same bridge, we know that it should be possible, so either pfsense is blocking something for some reason, or there is something strange going on with that bridge.

You are awesome for the quick responses and assisting me!


Turns out it was pfSense blocking. After I took out the eno1 interface off of the LAN in Proxmox, the MAC ID changed on LAN.

I had a DHCP entry statically assigned for Proxmox with MAC and the IP 172.22.1.10 but since it the MAC changed I had to remove the entry in pfSense and rebooted Proxmox completely.

Now all is working fine, I noticed the new MAC and added a static entry again.


Thank you for the help!

 

[sw-omit]

Nice to hear and enjoy further.
Also, as a general rule-of-thumb, if I want to be sure I find a certain device always in the same spot on the network, I don't use DHCP but static IP's, and adjust the DHCP-Range to just not be using those IP's (so instead of starting from 10, now starting from 20 for example.
If you want to keep a list of all the IP's you've stored on your network still, use Aliases and/or DNS-records (the former lets you easily reference them in rules, the later lets you reference them by name on the lan)