Hi Folks,
My brain hurts!
I am currently running Proxmox 8.3.4 and have various VM's running on different VLAN's. These all play nicely and have full internet connectivity. However I have been trying to move some VM's to containers to save system resources and allow Proxmox better manage the resources.
I am having massive issues when I create a container getting it to talk to the big wide world. My bridge is VLAN aware. I have tried Debain 11 & 12 and Ubuntu 22.04 & 24.10 all with the same problems. If I create a container on the host IP all works as it should, full internet access. If I create a container with a VLAN tag, Debian seems to fail to properly start (Proxmox says its started, but I have a blank screen), Ubuntu will start with no internet access. If I create a container on the host IP and then add the tag once fully set up all internet activity halts.
However I used a Proxmox helper script to install Adguard Home on a debian container with a VLAN tag and everything worked as expected first time.
I have tried adding DNS servers to the container, instead of leaving use host. This makes no difference.
I have tried setting a Static IP - ip a shows that it has the IP address given. But still no access. The container does not show up in the IP leases in PfSense.
I have tried setting IP to DHCP - ip a shows that it has obtained an ip in the DHCP range and this shows up in the DHCP leases in PfSense, still no connectivity.
I am unable to ping and ip address (internal or external) e.g. 1.1.1.1, nor can I ping a domain. I get 100% packet loss in both cases. No error of unable to resolve domain.
Container conf:
root@pve:~# cat /etc/pve/lxc/202.conf
arch: amd64
cores: 4
features: nesting=1
hostname: jellyfin
memory: 4096
nameserver: 192.168.20.1
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:8A:C6:80,ip=dhcp,ip6=dhcp,tag=20,type=veth
ostype: debian
rootfs: local-lvm:vm-202-disk-0,size=16G
swap: 512
unprivileged: 1
root@pve:~#
I tried taking the firewall=1 reference out, as this seems to be the only difference to the Helper Script lxc, I can think might be causing the issue.
root@jellyfin:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0@if301: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether bc:24:11:8a:c6:80 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.20.100/24 brd 192.168.20.255 scope global dynamic eth0
valid_lft 5707sec preferred_lft 5707sec
inet6 2a02:xxxx:xxxx:20::xxxx/128 scope global dynamic
valid_lft 5846sec preferred_lft 3146sec
inet6 2a02:xxxx:xxxx:20:xxxx:xxxx:xxxx:xxxx/64 scope global dynamic mngtmpaddr
valid_lft 86050sec preferred_lft 14050sec
inet6 fe80::be24:11ff:fe8a:c680/64 scope link
valid_lft forever preferred_lft forever
root@jellyfin:~#
Any help on how to get the container to play nicely with the VLAN would be gratfully accepted. I am a Novice to both linux and networking, but learning fast.
Cheers
Jungle
My brain hurts!
I am currently running Proxmox 8.3.4 and have various VM's running on different VLAN's. These all play nicely and have full internet connectivity. However I have been trying to move some VM's to containers to save system resources and allow Proxmox better manage the resources.
I am having massive issues when I create a container getting it to talk to the big wide world. My bridge is VLAN aware. I have tried Debain 11 & 12 and Ubuntu 22.04 & 24.10 all with the same problems. If I create a container on the host IP all works as it should, full internet access. If I create a container with a VLAN tag, Debian seems to fail to properly start (Proxmox says its started, but I have a blank screen), Ubuntu will start with no internet access. If I create a container on the host IP and then add the tag once fully set up all internet activity halts.
However I used a Proxmox helper script to install Adguard Home on a debian container with a VLAN tag and everything worked as expected first time.
I have tried adding DNS servers to the container, instead of leaving use host. This makes no difference.
I have tried setting a Static IP - ip a shows that it has the IP address given. But still no access. The container does not show up in the IP leases in PfSense.
I have tried setting IP to DHCP - ip a shows that it has obtained an ip in the DHCP range and this shows up in the DHCP leases in PfSense, still no connectivity.
I am unable to ping and ip address (internal or external) e.g. 1.1.1.1, nor can I ping a domain. I get 100% packet loss in both cases. No error of unable to resolve domain.
Container conf:
root@pve:~# cat /etc/pve/lxc/202.conf
arch: amd64
cores: 4
features: nesting=1
hostname: jellyfin
memory: 4096
nameserver: 192.168.20.1
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:8A:C6:80,ip=dhcp,ip6=dhcp,tag=20,type=veth
ostype: debian
rootfs: local-lvm:vm-202-disk-0,size=16G
swap: 512
unprivileged: 1
root@pve:~#
I tried taking the firewall=1 reference out, as this seems to be the only difference to the Helper Script lxc, I can think might be causing the issue.
root@jellyfin:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0@if301: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether bc:24:11:8a:c6:80 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.20.100/24 brd 192.168.20.255 scope global dynamic eth0
valid_lft 5707sec preferred_lft 5707sec
inet6 2a02:xxxx:xxxx:20::xxxx/128 scope global dynamic
valid_lft 5846sec preferred_lft 3146sec
inet6 2a02:xxxx:xxxx:20:xxxx:xxxx:xxxx:xxxx/64 scope global dynamic mngtmpaddr
valid_lft 86050sec preferred_lft 14050sec
inet6 fe80::be24:11ff:fe8a:c680/64 scope link
valid_lft forever preferred_lft forever
root@jellyfin:~#
Any help on how to get the container to play nicely with the VLAN would be gratfully accepted. I am a Novice to both linux and networking, but learning fast.
Cheers
Jungle