[SOLVED] Routing to/from VM from outside PVE

arnoproxmox

Member
Nov 23, 2020
19
0
21
22
Hi,

Today I tried to connect to/from a VM to/from the outside of the Proxmox host.
Much trial and error with routing with not the desired result.

Proxmox host (vmbr0) and VM in same subnet.
Proxmox host and VM can ping each other both ways.
Proxmox host and outside computer can ping each other both ways.
In Proxmox, in the VM, the Firewall option is No.

What am I missing? Outside computer can't ping VM.

Edit: Firewall was set to Yes at the Node. I set it to No. In Datacenter it already was No.
Setup is one box only. No cluster.
This didn't help.

Edit: What do I have to set as default gw in the VM? The ip address of the Proxmox host or the gw of my network?
The proxmox host has internet access the VM has not.

Edit: What is the correct configuration of vmbr0 in /etc/network/interfaces? Maybe I've changed something that I shouldn't have.
 
Last edited:
hi,

What do I have to set as default gw in the VM? The ip address of the Proxmox host or the gw of my network?
The proxmox host has internet access the VM has not.
that depends on how your networking is setup [0]

if you have more than one public IP address, then your VM network settings should probably use the gateway of your network.

if it's a masquerade/NAT setup, then the IP of your PVE instance.

see the linked documentation, especially the part "Choosing a network configuration"

hope this helps!

[0]: https://pve.proxmox.com/wiki/Network_Configuration
 
Thanks for the reply Oguz,

From the link I read the 'Private LAN' part.

My setup is:
Home network with one public IP address and NAT.
One PVE instance and one physical router.
VM1: Firewall/GW with passthrough NIC (no virtual NIC) conected to router.
VM2: Virtual NIC (bridged to vmbr0) / default gw is PVE host.

VM2 can't ping beyond PVE host. PVE host has internet access via connected router.
 
From the link I read the 'Private LAN' part.

My setup is:
Home network with one public IP address and NAT.
One PVE instance and one physical router.
VM1: Firewall/GW with passthrough NIC (no virtual NIC) conected to router.
VM2: Virtual NIC (bridged to vmbr0) / default gw is PVE host.


VM2 can't ping beyond PVE host. PVE host has internet access via connected router.


then you can use the default bridged configuration (to access outside), and your VM should be able to use the default gateway of your network.



to access the VM from outside, you have couple options

a) forward port 8006 on your router, this will give you access to the GUI

internet -> home_router: PORT -> PVE_IP:8006

PORT can be something of your choosing.

b) forward only for the VM IP, for example the SSH port of your VM
but in that case you don't have GUI access.

of course you can do both a) and b)

but since your home router is acting as firewall with the public IP, that's where you need to do the port forwarding
 
Last edited:
With outside I mean from outside of the PVE node. Sorry.

The router, connected to PVE node can't ping VM2.
The router can ping PVE node (vmbr0).
VM2 can ping PVE node but not the router.

The default gw of VM2 now is the IP of PVE node.
I will change it to the router address as I understand your post correctly.
 
Last edited:
Good old reinstall of PVE solved the problem :).
The VM's were still there, no need to restore the VM's. Only the <VM>.conf :).
So I don't know what the problem was.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!