[SOLVED] Ubuntu LXC unable to access LAN or WAN outside of host

InvaderGur

New Member
May 5, 2021
17
1
3
34
Thank you all in advance for your time, I'll appreciate any feedback or pointers to get me through such a simple step in getting my proxmox server running. I have been stuck on this for nearly two weeks and believe I have exhausted what I can troubleshoot on my own.

Here is where I am currently:
1. Perform a fresh install of v6.4-5 on two PCs
2. Download ubuntu-20.04-standard_20.04-1_amd64.tar.gz on each system using "pveam download"
3. Create a LXC using the web UI
4. Boot the respective containers and log into the console through the web UI and/or through ssh > lxc-attach
5. run apt update

PC #1 -> able to retrieve information from the necessary urls (e.g. apt update > http://archive.ubuntu.com/ubuntu). I believe the relevant specifications are the CPU: AMD 5600x, MOBO: ASUS ROG Strix B550-F Gaming, GPU: MSI GeForce GTX 1080 ARMOR 8G OC.

PC #2 -> not able to ping anything outside of the host IP. CPU: Intel 7600T, MOBO: MSI B150M ECO, GPU: integrated Intel HD Graphics 630.

Let me know RAM or PSU are worth including. Both PCs have the latest and greatest motherboard firmware/BIOS versions installed and, as far as I can tell, are not restricting network traffic in any manner.

This is the second or third time I installed v6.4-5 fresh. In earlier instances, I dove into modifying firewall rules/preferences, messed around with Netplan in the LXCs, used static and DHCP assigned IPs, created Windows 10 and TrueNAS VMs and numerous other troubleshooting steps.

As you can likely tell, I am entirely new to Proxmox as well as this forum. I do have several years experience tinkering with CLIs, Ubuntu, VMs but am now attempting to run my home server based in Proxmox. Please let me know whether I should have included additional details up front or if I am somehow breaking rules by posting here.

Again, any support is deeply appreciated.
 
hi,

Here is where I am currently:
1. Perform a fresh install of v6.4-5 on two PCs
2. Download ubuntu-20.04-standard_20.04-1_amd64.tar.gz on each system using "pveam download"
3. Create a LXC using the web UI
4. Boot the respective containers and log into the console through the web UI and/or through ssh > lxc-attach
5. run apt update

PC #1 -> able to retrieve information from the necessary urls (e.g. apt update > http://archive.ubuntu.com/ubuntu). I believe the relevant specifications are the CPU: AMD 5600x, MOBO: ASUS ROG Strix B550-F Gaming, GPU: MSI GeForce GTX 1080 ARMOR 8G OC.

PC #2 -> not able to ping anything outside of the host IP. CPU: Intel 7600T, MOBO: MSI B150M ECO, GPU: integrated Intel HD Graphics 630.
before assuming any hardware specific issues it would make sense to rule out any network misconfiguration.

could you post the relevant container configurations and your PVE host network configuration?

Code:
ip a
cat /etc/network/interfaces
pct config CTID

where CTID is the ID of your container.
 
Thank you for the reply, Oguz. Please see outputs from the two PCs below. As a reminder PC #1 is functioning properly and PC #2 is not able to access the WAN or LAN.

To clarify, when I attempt to ping 192.168.1.10, which is the host IP, I am receiving this response: ping: connect: Network is unreachable

PC #1
Code:
Linux pc1 5.4.106-1-pve #1 SMP PVE 5.4.106-1 (Fri, 19 Mar 2021 11:08:47 +0100) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sat May  8 15:44:56 2021 from 192.168.1.13
root@pc1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether BB:BB:BB:BB:BB:BB brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether BB:BB:BB:BB:BB:BB brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.11/24 brd 192.168.1.255 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 zzzz::zzzz:zzzz:zzzz:zzzz/64 scope link
       valid_lft forever preferred_lft forever
root@pc1:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp0s31f6 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.11/24
    gateway 192.168.1.1
    bridge_ports enp0s31f6
    bridge_stp off
    bridge_fd 0
root@pc1:~# pct config 101
arch: amd64
cores: 4
hostname: pc1ubuntutest
memory: 16384
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=XX:XX:XX:XX:XX:XX,ip=dhcp,ip6=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-101-disk-0,size=100G
swap: 512
unprivileged: 1

PC #2
Code:
Linux pc2 5.4.106-1-pve #1 SMP PVE 5.4.106-1 (Fri, 19 Mar 2021 11:08:47 +0100) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Mon May 10 08:27:54 2021 from 192.168.1.13
root@pc2:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether AA:AA:AA:AA:AA:AA brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether AA:AA:AA:AA:AA:AA brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 mmmm::mmmm:mmmm:mmmm:mmmm/64 scope link
       valid_lft forever preferred_lft forever
4: veth100i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether BB:BB:BB:BB:BB:BB brd ff:ff:ff:ff:ff:ff link-netnsid 0
5: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether CC:CC:CC:CC:CC:CC brd ff:ff:ff:ff:ff:ff
6: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether DD:DD:DD:DD:DD:DD brd ff:ff:ff:ff:ff:ff
7: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether CC:CC:CC:CC:CC:CC brd ff:ff:ff:ff:ff:ff
root@pc2:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp6s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge_ports enp6s0
    bridge_stp off
    bridge_fd 0
root@pc2:~# pct config 100
arch: amd64
cores: 12
hostname: pc2ubuntutest
memory: 16384
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=XX:XX:XX:XX:XX:XX,ip=dhcp,ip6=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-100-disk-0,size=100G
swap: 512
unprivileged: 1

I screened/edited IPs and MAC addresses, please let me know whether I am now missing relevant information to this troubleshooting.
 
Code:
root@pc2:~# pct config 100
arch: amd64
cores: 12
hostname: pc2ubuntutest
memory: 16384
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=XX:XX:XX:XX:XX:XX,ip=dhcp,ip6=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-100-disk-0,size=100G
swap: 512
unprivileged: 1

do you have an IPv6 dhcp server running? if not then your container will look for that and the network service can hang (see ip6=dhcp in the config).

you can try setting it to static ipv6 on GUI and leaving the values empty, or just remove that part from the configuration and restart the container to see if problem is fixed this way.
 
I do not have an IPv6 server running and have previously had that set to static. I set it back to static using the GUI and am still receiving ping: connect: Network is unreachable. Now that I'm double checking, I am not even able to ping the host IP from the LXC at this time.

Please see updated responses for PC #2 below. Thank you for your help.


Code:
root@pc2:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether AA:AA:AA:AA:AA:AA brd ff:ff:ff:ff:ff:ff
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether AA:AA:AA:AA:AA:AA brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 mmmm::mmmm:mmmm:mmmm:mmmm/64 scope link
       valid_lft forever preferred_lft forever
4: veth100i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether BB:BB:BB:BB:BB:BB brd ff:ff:ff:ff:ff:ff link-netnsid 0
5: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether CC:CC:CC:CC:CC:CC brd ff:ff:ff:ff:ff:ff
6: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether DD:DD:DD:DD:DD:DD brd ff:ff:ff:ff:ff:ff
7: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether CC:CC:CC:CC:CC:CC brd ff:ff:ff:ff:ff:ff
root@pc2:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp6s0 inet manual

auto vmbr0
iface vmbr0 inet static
    address 192.168.1.10/24
    gateway 192.168.1.1
    bridge_ports enp6s0
    bridge_stp off
    bridge_fd 0
root@pc2:~# pct config 100
arch: amd64
cores: 12
hostname: pc2ubuntutest
memory: 16384
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=XX:XX:XX:XX:XX:XX,ip=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-100-disk-0,size=100G
swap: 512
unprivileged: 1
 
it seems that your dhcp does not assign an ip address in the lxc. What is the output of ip a from inside the lxc?
 
Quick update, I created a new LXC and set IPv6 to static initially, I am no longer receiving ping: connect: Network is unreachable.

However, I am not able to ping the host IP from the LXC as I believed I was able to previously.
Code:
root@ubuntuLXCpc2:~# ping 192.168.1.10
PING 192.168.1.1 (192.168.1.10) 56(84) bytes of data.
^C
--- 192.168.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1011ms
 
Last edited:
it seems that your dhcp does not assign an ip address in the lxc. What is the output of ip a from inside the lxc?

Here are the outputs from ip a from the LXC that is functioning as expected (PC #1) and the LXC that is unable to access the network (PC #2).

PC #1
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether AA:AA:AA:AA:AA:AA brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.15/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 mmmm::mmmm:mmmm:mmmm:mmmm/64 scope link
       valid_lft forever preferred_lft forever

PC #2
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether BB:BB:BB:BB:BB:BB brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.1.16/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 nnnn::nnnn:nnnn:nnnn:nnnn/64 scope link
       valid_lft forever preferred_lft forever
 
I am no longer receiving ping: connect: Network is unreachable.
could you check for general internet connectivity? like ping 1.1.1.1 and ping google.com from inside the container?
maybe the host is just firewalled.

for debugging you could run tcpdump on the host while pinging from the container and try to see where the packets are being dropped
 
Here's the output from ping 1.1.1.1 and ping google.com from inside the container

Code:
Linux pc2 5.4.106-1-pve #1 SMP PVE 5.4.106-1 (Fri, 19 Mar 2021 11:08:47 +0100) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Wed May 12 21:07:17 2021
root@pc2:~# lxc-attach --name 100
root@ubuntuLXCpc2:~# ping 1.1.1.1 
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3052ms

root@ubuntuLXCpc2:~# ping google.com
^C
root@ubuntuLXCpc2:~#


I'm not experienced with tcpdump but here is the only mention of the LXC static IP that I assigned in the large amount of data:
Code:
21:15:19.622141 ARP, Request who-has 192.168.1.1 tell 192.168.1.16, length 28
21:15:20.635017 ARP, Request who-has 192.168.1.1 tell 192.168.1.16, length 28
21:15:21.662993 ARP, Request who-has 192.168.1.1 tell 192.168.1.16, length 28
21:15:22.683196 ARP, Request who-has 192.168.1.1 tell 192.168.1.16, length 28


When I ping 1.1.1.1 from inside the functional pc1 ubuntu LXC, there is only a single entry from the static IP: 21:24:54.933177 IP 192.168.1.15 > one.one.one.one: ICMP echo request, id 302, seq 1, length 64
 
Last edited:
root@ubuntuLXCpc2:~# ping 192.168.1.10 PING 192.168.1.1 (192.168.1.10) 56(84) bytes of data. ^C --- 192.168.0.1 ping statistics ---
the IP address looks wrong here.



* what do you see when you run ip r inside the container?

* could you please try giving your container a static IPv4 address?
 
Good catch. I previously mentioned that I am screening IP and MAC addresses to reduce exposure of my information. the IP address that you point out as being wrong is a copy/paste/find/replace error that I have just remedied by editing my previous post.

Would you still like for me to run ip r inside the LXC?

Unfortunately, I did start with a static IPv4 address. I even attempted including a known good netplan file in the Ubuntu /etc/netplan directory. After I set a static IPv4, are there additional commands/steps I will take to provide feedback here?
 
For anyone who lands here on their own search, thanks to a crosspost on Reddit, I was able to determine root cause for this issue.

It turns out that the integrated NIC, the Intel I225-V 2.5Gb, is not supported by the default proxmox kernel. Reference: https://forum.proxmox.com/threads/is-anyone-using-i225-v-nic-in-their-pve-setup.76708/

The most recent post on that thread actually points out that there is an officially supported updated kernel (5.11) that may accept this NIC.
 
In the limited testing that I have performed since that post, the 5.11 kernel did resolve the issue.
 
  • Like
Reactions: oguz

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!