Suddently No Internet On My VM

M

mhakim

Member
Oct 1, 2021
26
2
8
43
Hi all,
I just confused, suddently all of my VM has no internet and can't ping outside the vm and can't ping the vm host.

my version :
1695089677458.png

my network config
1695089737468.png

the proxmox host can reach the internet
1695089784868.png

but the host can't ping the vm
1695089912422.png

inside view from the vm (windows)
1695089953414.png


and this is my interfaces file :
auto lo
iface lo inet loopback

auto enp1s0
iface enp1s0 inet manual

auto enp2s0
iface enp2s0 inet manual

auto enp3s0
iface enp3s0 inet manual

auto enp4s0
iface enp4s0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.100.122/24
bridge-ports enp1s0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 202.x.x.x/29
gateway 202.x.x.x
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up echo 1 > /proc/sys/net/ipv4/conf/enp2s0/proxy_arp

any idea?
 
Hi @mhakim, could you please provide the configuration of the network devices on the VM?
I would like to suggest using the vmbr0 adapter for the VM's network.
Is the VM able to ping the host? If it can, it might indicate a firewall issue on the VM side.
 
after i cleanup the iptables the vm now can access the internet... :(

hi @pndhkm, on the first post, i post the configuration of the proxmox host, and this is the network config from one of vms :
1695187756954.png
 
Hello could you please share the contents of /etc/network/interfaces? The one in your previous post does not match whats in the screenshot above. Please also share the contents of the VM config at /etc/pve/qemu-server/ID.conf

What do you have at 192.168.100.1, I cannot see anything at this address and you have that set up as the gateway for the Windows guest.

Additionally, the bridge vmbr0 which is in the subnet at 192.168.100.XX/24 does not have a default gateway.
 
this is my /etc/network/interfaces :
Code: 
auto lo
iface lo inet loopback


auto enp1s0
iface enp1s0 inet manual


auto enp2s0
iface enp2s0 inet manual


auto enp3s0
iface enp3s0 inet manual


auto enp4s0
iface enp4s0 inet manual


auto vmbr0
iface vmbr0 inet static
        address 192.168.100.122/24
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094


auto vmbr1
iface vmbr1 inet static
        address 202.56.163.123/29
        gateway 202.56.163.121
        bridge-ports enp2s0
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/enp2s0/proxy_arp


and this is /etc/pve/qemu-server/ID.conf from one of my vm :
Code: 
root@vm:~# cat /etc/pve/qemu-server/100.conf
boot: order=ide0;ide2;net0
cores: 4
ide0: local-zfs:vm-100-disk-0,size=128G
ide2: none,media=cdrom
machine: pc-i440fx-6.0
memory: 4096
name: JLIAVCONSOLE
net0: e1000=F6:A0:56:78:58:DC,bridge=vmbr0,firewall=1
numa: 0
ostype: win10
scsihw: virtio-scsi-pci
smbios1: uuid=3513d798-3560-4749-a256-8ff921f45e88
sockets: 1
vmgenid: d9227c04-27ba-4f8b-996c-01e5bcffe399
 
Hi @mhakim
Can you please identify which device is using the IP address 192.168.100.1? The device using this IP address should have NAT configuration.

If the VM wants to use the host's gateway IP, I recommend changing the IP address of the vmbr0 interface from 192.168.100.122/24 to 192.168.100.1/24, and then configuring NAT as follows:

Install the package to persist iptables rules:
Code: 
apt install iptables-persistent

Configure NAT:
Code: 
iptables -t nat -A POSTROUTING -o vmbr1 -j MASQUERADE

save the iptables rules:
Code: 
iptables-save > /etc/iptables/rules.v4
 
pndhkm said:
Hi @mhakim
Can you please identify which device is using the IP address 192.168.100.1? The device using this IP address should have NAT configuration.

If the VM wants to use the host's gateway IP, I recommend changing the IP address of the vmbr0 interface from 192.168.100.122/24 to 192.168.100.1/24, and then configuring NAT as follows:

Install the package to persist iptables rules:
Code: 
apt install iptables-persistent

Configure NAT:
Code: 
iptables -t nat -A POSTROUTING -o vmbr1 -j MASQUERADE

save the iptables rules:
Code: 
iptables-save > /etc/iptables/rules.v4
Click to expand...
192.168.100.1 is my mikrotik router VLAN DMZ ip.

so this is my network topology :
1695252117653.png

I've installed proxmox before this mess happend, and when I enter this comment :
Code: 
iptables -t nat -A POSTROUTING -o vmbr1 -j MASQUERADE

suddently all the vm has no internet.

But when I'm cleaning all the iptables rules, the vm can access the internet.

Also, after update my proxmox, I should restart the server to make iptables configuration load.

Now the vm can access the internet, but I can't browse them from the internet.
 
Hi @mhakim,
Certainly! a private IP address is used within a private network, such as a home or business network, and is not directly accessible from the internet, IP (Internet Protocol) addresses can be categorized into two main types: public and private.

  1. Public IP Address: (202.x.x.x/29)
    • A public IP address is a unique address assigned to a device or network on the internet.
    • It is globally accessible, allowing devices with public IP addresses to communicate with other devices and services on the internet.
    • Public IP addresses are typically provided by Internet Service Providers (ISPs) and are used for identifying devices on the internet.
  2. Private IP Address: (192.168.100.x/24)
    • These addresses are used to identify devices within the local network and are typically assigned by a router or network administrator.
    • Private IP address ranges are defined by RFC 1918 and include addresses like 192.168.x.x, 172.16.x.x to 172.31.x.x, and 10.x.x.x.
In summary, public IP addresses are used for devices that need to communicate over the internet, while private IP addresses are used for devices within a local network to facilitate communication within that network. Network Address Translation (NAT) is often used to allow multiple devices with private IP addresses to share a single public IP address for internet access.
 
case closed.
i've managed the iptables rules to pass throught the internet traffic into my vms.
 
If the issue is for the vms in the proxmox, then there is a new firewall option enabled by default.
VM>hardware>network device>edit>uncheck firewall or configure necessary firewall rules

1695393806113.png
 
I've follow the uncheck, still not working.

currently I can browse the vms via internet, but getting connection refused from LAN with different vlan.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back