URGENT! No outgoing traffic second interface with same gateway.

mangelot

Member
Apr 7, 2021
16
1
8
43
Running latest Proxmox 7.0-10.

When a lxc container has 2 interfaces (eth0 and eth1) with the same ipv4 gateway in GUI

192.168.2.1 GW 192.168.2.254 inside lxc ping succesfull
192.168.2.2 GW 192.168.2.254 inside lxc ping timeout

the secondary interface isn't having outgoing traffic/ping.
It used to work, after the latest update this is anymore.... is this a bug!
 
That is expected behavior. You can not have two "real" (virtual) interfaces in the same network.

If you need to support two different IP-addresses, use interface aliases, not NICs.

Best regards
 
  • Like
Reactions: gurubert
... is this a bug!

No, it’s bad configuration! ;)

But maybe you can share what you want to achieve so we can help you with a proper solution.

I’m not a networkexpert but I would never:
- configure two nics with different IP’s in the same subnet on the same host.
- assign two (default) gateways to the same host. If you want additional routing then you have add these manually.

Just my two cents.
 
  • Like
Reactions: gurubert
Okay, thanks!

Well it seems to have worked before with this setup, until the recent update.
here is the situation:

Proxmox host.

eno2 is on 192.168.3.0 subnet with ipv6
eno1 is on 192.168.2.0 subnet (vlan 3)

vmbr0 linux bridge eno2 with IPv4 192.168.3.22 gateway 192.168.3.1 (for the GUI)
vmbr1 linux bridge eno1 no ip

LXC 101 network Config

net0 eth0 bridge vmbr1 VLAN tag 3 MAC xx:xx:xx:xx:xx:xx IPv4 192.168.2.158 GW 192.168.2.254
net1 eth1 bridge vmbr1 VLAN tag 3 MAC xx:xx:xx:xx:xx:xx IPv4 192.168.2.159 GW 192.168.2.254
net2 eth2 bridge vmbr0 with first static IPv6 and gateway
net3 eth3 bridge vmbr0 with second static IPv6 and gateway

Inside the LXC centos 8

ping -4 -c4 www.google.com -I eth0 is okay
ping -4 -c4 www.google.com -I eth1 is timeout
ping6 -c4 ipv6.google.com-I eth2 is okay
ping6 -c4 ipv6.google.com-I eth3 is okay
 
Ok, thanks for the info. Generally pretty standard config apart from the LXC.

Still not clear what was the reason to configure it this way on the LXC. What “problem” did you face that made you decide to configure it this way?
 
Well I'm new to Proxmox using it about a half year now, before I used Openvz (venet) .

I installed a test server with PVE6 and installed some LXC containers on it.
I'm not so handy into routed setups, so I used Bridged setups, just for simplicity.
Later on, some LXC containers needed an extra IP, so I just simply added a extra ETH interface..
This worked all the time (al interfaces could ping the outside world from inside the LXC container) until last update from PVE 6 to PVE 7.. I bellieve

Do you have any idea why I cannot ping outside with eth1 from inside the LXC container? Is the config wrong?
or can you teach me how to use a routed setup?
 
Later on, some LXC containers needed an extra IP, so I just simply added a extra ETH interface..

Why/what for did you need the extra IP?

Do you have any idea why I cannot ping outside with eth1 from inside the LXC container?

To be honest no! I guess it has to do with your, let's say, strange config.

Basically it works this way; A host can have multiple interfaces, in different subnets for direct access into those, but has only one default gateway. This is the way out to other subnets, not directly connected to the host. If you have internal subnets those must be routed by your internal router. If you want to go to external networks then your internal router, will use its default gateway (probably your ISP) to connect to them.

If you, for what ever reason, need a not default way to a host/network then you must add a static route to that host/network.

As still is not clear to me what "problem" you faced which made you make this config. Could you tell me/us about that?
 
Why/what for did you need the extra IP?
Just for a linux gameserver, I'm using together with my neightbours, I would like to separate the IP's one for internal an one external NAT/firewall.

Basically it works this way; A host can have multiple interfaces, in different subnets for direct access into those, but has only one default gateway. This is the way out to other subnets, not directly connected to the host. If you have internal subnets those must be routed by your internal router. If you want to go to external networks then your internal router, will use its default gateway (probably your ISP) to connect to them.

If you, for what ever reason, need a not default way to a host/network then you must add a static route to that host/network.
I understand this part, but I dont have the know how for the right commands (/etc/network/interfaces..... ip route add ....)
Read: I tryed but wasn't succcesfull


But I'm pulling my hairs out on this issue:

It seems strange to me, that in my config eth0 and eth1 both have the same (default) gateway in the Proxmox GUI for this LXC contianer.
and are connected on the same subnet and bridged to the same interface on the PVE host.
and only eth0 interface can ping to google from inside the LXC container, and eth1 can not.

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway.kpn    0.0.0.0         UG    100    0        0 eth0
default         gateway.kpn    0.0.0.0         UG    101    0        0 eth1
192.168.2.0    0.0.0.0         255.255.255.0   U     100    0        0 eth0
192.168.2.0    0.0.0.0         255.255.255.0   U     101    0        0 eth1


[root@game ~]# ping -4 -c4 www.google.com -I eth0
PING www.google.com (74.125.206.103) from 192.168.2.1 eth0: 56(84) bytes of data.
64 bytes from wk-in-f103.1e100.net (74.125.206.103): icmp_seq=1 ttl=111 time=7.14 ms
64 bytes from wk-in-f103.1e100.net (74.125.206.103): icmp_seq=2 ttl=111 time=6.98 ms
64 bytes from wk-in-f103.1e100.net (74.125.206.103): icmp_seq=3 ttl=111 time=7.13 ms
64 bytes from wk-in-f103.1e100.net (74.125.206.103): icmp_seq=4 ttl=111 time=6.93 ms

--- www.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 6.931/7.043/7.136/0.136 ms

[root@game ~]# ping -4 -c4 www.google.com -I eth1
PING www.google.com (66.102.1.104) from 192.168.2.2 eth1: 56(84) bytes of data.

--- www.google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3070ms
 
Just for a linux gameserver, I'm using together with my neightbours, I would like to separate the IP's one for internal an one external NAT/firewall.

Please some more info on this (how configured?).

What you could try is the following (in the LXC):

- disable eth1
- ping google.com
- traceroute google.com
- enable eth1, disable eth0
- ping google.com
- traceroute google.com
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!