Two IPs for node, port 8006 is working only to one.

P

pavelg

New Member
Apr 26, 2023
8
0
1
Hello,

Please help understand the correct setup.
Current config:
PCI shelf with one installed G25A - EMBEDDED SINGLE BOARD COMPUTER.
Two IPs are defined:
1.2.3.4/24 for eno1 I/F
3.4.5.101/26 for enp4s0f1 I/F
#ip a (only relevant): 3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UP group default qlen 1000 link/ether XX:XX:XX:XX:88:21 brd ff:ff:ff:ff:ff:ff altname enp0s25 8: enp4s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr2 state UP group default qlen 1000 link/ether XX:XX:XX:XX:a8:21 brd ff:ff:ff:ff:ff:ff 16: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether XX:XX:XX:XX:88:21 brd ff:ff:ff:ff:ff:ff inet 1.2.3.4/24 scope global vmbr1 valid_lft forever preferred_lft forever inet6 XXXX::XXXX:XXXX:XXXX:8821/64 scope link valid_lft forever preferred_lft forever 21: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether XX:XX:XX:XX:a8:21 brd ff:ff:ff:ff:ff:ff inet 3.4.5.101/26 scope global vmbr2 valid_lft forever preferred_lft forever inet6 XXXX::XXXX:XXXX:XXXX:a821/64 scope link valid_lft forever preferred_lft forever #ip rule show 0: from all lookup local 32764: from all to 3.4.5.64/26 lookup rt2 32765: from 3.4.5.64/26 lookup rt2 32766: from all lookup main 32767: from all lookup default # ip route list table rt2 default via 3.4.5.126 dev vmbr2 3.4.5.64/26 dev vmbr2 scope link src 3.4.5.101

Web access to 1.2.3.4:8006 is working well. This is our main I/F for developers.

#nc -zv 3.4.5.101 8006 (from the remote machine) Connection to 3.4.5.101 8006 port [tcp/*] succeeded!

However, when going to http://3.4.5.101:8006 - the following error appears
This page isn’t working
3.4.5.101 didn’t send any data.
ERR_EMPTY_RESPONSE

Should I define 3.4.5.101 as "Management Interface", like 1.2.3.4 ? Can they be both defined as "Management I/F" or only one?

Thank you in advance,
Pavel
 
unless you manually changed that, pveproxy should listen on all interfaces/addresses. did you by chance enable the pve-firewall?
 
fabian said:
unless you manually changed that, pveproxy should listen on all interfaces/addresses. did you by chance enable the pve-firewall?
Click to expand...
Hi Fabian,

Thank you for the fast reply.
This what only is defined:
fw.jpg

Should I add/change something?

Regards,
Pavel
 
fabian said:
if you enable the firewall, there is a special ipset for defining who can access the API/GUI:

https://pve.proxmox.com/pve-docs/ch..._ip_set_span_class_monospaced_management_span
Click to expand...
Thank you.

This example is pointing to /etc/pve/firewall/cluster.fw file.
We do not have even /etc/pve/firewall folder. Should I create it?

I only see /etc/pve/nodes/OUR-NODE/host.fw file.

#cat /etc/pve/nodes/OUR-NODE/host.fw [RULES] OUT ACCEPT -p tcp -dport 10051 -sport 10051 -log nolog IN ACCEPT -p tcp -dport 10051 -sport 10051 -log nolog OUT ACCEPT -p tcp -dport 10050 -sport 10050 -log nolog IN ACCEPT -p tcp -dport 10050 -sport 10050 -log nolog


As you can see, no [IPSET management] is defined there.
Should I define it adding both my subnets as allowed for the management?

Regards,
Pavel
 
Last edited:
what does pve-firewall status say?
 
then it's not the firewall that is blocking your access ;) did you maybe forget to add the S to httpS:// ? the most recent versions of PVE should redirect you in that case, but maybe yours is not recent enough?
 
fabian said:
then it's not the firewall that is blocking your access ;) did you maybe forget to add the S to httpS:// ? the most recent versions of PVE should redirect you in that case, but maybe yours is not recent enough?
Click to expand...
You are SUPER!!!
https was the issue

# pveversion pve-manager/7.2-3/c743d6c1 (running kernel: 5.15.30-2-pve)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back