[SOLVED] Bridged - No Port routing

daftlink

Member
Mar 14, 2021
Hello

I'm facing a weird issue:
I've the following configuration for my interfaces:

Code:
auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.1.70/24
        gateway 192.168.1.254
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0

I've four VMs behind the bridge; none of them is reachable from the Internet for any service such as SSH, HTTPS, etc.

I've enabled ipv4_forwarding on both host and guests.

If I configure an SSH server outside of Proxmox and configure my router to route the port, it works, so it's not the router.

My hosts can reach the Internet. Hosts are all Ubuntu 20.04. There isn't any firewall configured on Proxmox (I've disabled and deleted them all), nor on the hosts.

Code:
pveversion
pve-manager/6.3-6/2184247e (running kernel: 5.4.103-1-pve)

Any ideas?

Cheers
 
Can you ping the default gateway 192.168.1.254, which is on the router, from the VM?
If you can, the network on PVE is OK.

Code:
internet
   |        /------\  192.168.1.254
   |-------| router |---|
            \------/    |         192.168.1.XXX/24
                        |           |----|
                        |-----------| VM |
                                    |----|
                        
                        ---------------------------------------------
                        |                   PVE                     |
                        ---------------------------------------------

Path for inbound is:

internet -> public_ip -> router_wan_interface -> nat [public/private] -> router_lan_interface -> pve_eno1-> vmbr0 -> VM_interface

I guess that you also have outgoing [SNAT] on the router. SNAT is the translation of a private address to a public one.
Also, I guess that you have DNS settings on the VMs.
 
Yes, sorry, I will give more details.

The VMs can ping the router (192.168.1.254).

I agree on the path. Yes, my router is indeed doing NAT.

My DNS on one of my VMs is the systemd-resolved daemon:

Code:
grep "nameserver" /etc/resolv.conf
nameserver 127.0.0.53

I configured 1.1.1.1 as primary DNS in /etc/systemd/resolved.conf.
 
The first thing you can do is install tcpdump on the Ubuntu VM.
Then start it and look at the packets that come to the interface when you, for example, SSH from the Internet
to that VM via the router through NAT.

I guess that you have some packet capture software on the router also?
At the same time, start a packet capture on the router.

If you see the SSH packets from the Internet on the router's WAN interface, then look at the
LAN interface.

Command to install tcpdump:

Code:
sudo apt install tcpdump -y

To start tcpdump:

Code:
sudo tcpdump -i interface_name

To grep only SSH packets:

Code:
sudo tcpdump -i interface_name | grep ssh

Second: if your settings for SNAT and DNS are good, when you run the command

Code:
curl ifconfig.io

you'll get a public address that the virtual machine presents on the Internet.
 
curl ifconfig.io
Thank you so much (I spent all my weekend on it!). I found it directly when I saw the IP!

It's because of my WireGuard VPN! Now I have to understand why, when I have the VPN, the hosts cannot be accessed :rolleyes:.

EDIT: Apparently I'm not the only one; I probably have to do some NAT rules on the VMs.
 
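The check that resolved this thread, as an added example that is not part of any post above: it compares the interface a VM's Internet-bound traffic leaves by, and the public address reported by `curl ifconfig.io`, against the bridge-side interface and the router's WAN address that the port forward relies on. The interface names `ens18` and `wg0`, the sample route lines and the 203.0.113.10 / 198.51.100.7 addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example. Sample lines below are constructed; interface names (ens18, wg0)
# and the 203.0.113.x / 198.51.100.x addresses are assumptions, not from the thread.

# egress_dev LINE: print the device named in one line of `ip route get` output.
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# classify_return_path ROUTE_LINE LAN_DEV SEEN_IP WAN_IP
#   ROUTE_LINE  output of `ip route get 1.1.1.1` on the VM
#   LAN_DEV     VM interface attached to vmbr0
#   SEEN_IP     output of `curl ifconfig.io` on the VM
#   WAN_IP      public address of the router doing the port forward
classify_return_path() {
    dev=$(egress_dev "$1")
    if [ -z "$dev" ]; then
        echo "unknown: no dev field in route line"
    elif [ "$dev" != "$2" ]; then
        echo "detour: replies leave via $dev, not $2"
    elif [ "$3" != "$4" ]; then
        echo "nat-mismatch: seen as $3, forward targets $4"
    else
        echo "ok: replies leave via $2 as $4"
    fi
}

# Constructed samples: the same VM with the VPN down, then up (wg-quick style).
ROUTE_PLAIN='1.1.1.1 via 192.168.1.254 dev ens18 src 192.168.1.71 uid 1000'
ROUTE_VPN='1.1.1.1 dev wg0 table 51820 src 10.0.0.2 uid 1000'

classify_return_path "$ROUTE_PLAIN" ens18 203.0.113.10 203.0.113.10
classify_return_path "$ROUTE_VPN"   ens18 198.51.100.7 203.0.113.10
```

On a live VM, pass `"$(ip route get 1.1.1.1 | head -n 1)"` and `"$(curl -s ifconfig.io)"` in place of the constructed values.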
