Virtual Machine Can't Ping Its Own Gateway

T

twkl

New Member
Feb 3, 2025
2
0
1
Hi,

Just stood up a physical server running Proxmox v8.3.0. Management is configured on vmbr0 (eno1) while VM is configured on vmbr1 (eno2):

Code: 
iface eno1 inet manual

iface eno2 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.10/24
        gateway 10.10.10.1
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno2
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

On the physical switch ...

eno1:
  • trunk
  • native vlan 10
eno2:
  • trunk
  • native vlan 20
On the Windows VM:
  • ip - 10.10.20.20/24
  • gw - 10.10.20.1
  • firewall disabled
I can access the management web front so vmbr0 is working fine. But the following is not working:
  • Windows VM can't ping its own gateway of 10.10.20.1 so can't get out
  • Proxmox host can't ping the WIndows VM on 10.10.20.20
Whats working:
  • Proxmox host can ping the Windows VM's gateway 10.10.20.1
  • My physical client machine can also ping the VM's gateway
But there's no communication between the VM and the Host. Any help would be most appreciated.
 
Hi!
this sounds like a firewall issue. To be sure, could you try disabling the firewall on the datacenter, node and vm level? The vm's and the datacenter typically have a default input policy of drop so you'll need to add custom rules to allow access to this vm.
 
ggoller said:
Hi!
this sounds like a firewall issue. To be sure, could you try disabling the firewall on the datacenter, node and vm level? The vm's and the datacenter typically have a default input policy of drop so you'll need to add custom rules to allow access to this vm.
Click to expand...
You're most probably right. i added a couple of post-up rules to the bridge for ip_forward and masquerading rules and managed to get further down the rabbit hole.

Haven't tried disabling the firewall on all 3 levels yet (only realised there were 3 of them after much googling) and will give it a shot when I get a chance.

Thanks.
 
You must log in or register to reply here.
Top Bottom