Something blocking DHCP Offer into VM

[firebladed]

I am part way transitioning a lab from Esxi to proxmox

I have a kea DHCP server, on ubuntu, in one vm serving local network (imported from esxi) which seem to work for normal network

I have a second just installed ubuntu vm that while can use ipv6 does not receive DHCP offers, dhcp requests are sent received and replied to by DHCP server.

I can capture these via tcpdump from a shell on the host ~

tcpdump port 67 or port 68 -e -n -i vmbr0

01:58:37.546693 bc:24:11:94:c9:51 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:94:c9:51, length 300
01:58:37.546754 bc:24:11:94:c9:51 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:94:c9:51, length 300
01:58:37.547404 00:50:56:91:d5:56 > bc:24:11:94:c9:51, ethertype IPv4 (0x0800), length 496: 192.168.1.1.67 > 192.168.1.88.68: BOOTP/DHCP, Reply, length 454
01:58:37.547665 00:50:56:91:d5:56 > bc:24:11:94:c9:51, ethertype IPv4 (0x0800), length 496: 192.168.1.1.67 > 192.168.1.89.68: BOOTP/DHCP, Reply, length 454

however in the vm im not capturing the offer packets

sudo tcpdump port 67 or port 68 -e -n

01:58:36.432134 bc:24:11:94:c9:51 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:94:c9:51, length 300
01:58:36.432615 bc:24:11:94:c9:51 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from bc:24:11:94:c9:51, length 300

something seems to be blocking them between the host linux bridge and the vm interface but
currently there is no firewall enabled anywhere in proxmox (datacenter, host or vm)


or one configured in the vm

sudo iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

does anyone know or have any suggestions on how to diagnose or fix this?

 

[wima]

did you fix that in the meantime?

 

[raihei]

I have the same problem for a few days now. Exact same behavior. DHCP replies arriving on vmbr0 but are not arriving in the VM.

For testing, I created a new Linux bridge vmbr1 on another physical network port and moved the VMs to this bridge. On this port/bridge it works. When I move them back to vmbr0 it stops working. Very odd. Even tried to remove vmbr0 and recreated it, no success.
VMs use VirtIO NICs, host uses I225-V on both NICs. "ip a" shows same settings for both bridges.