VM is Unreachable/No Route To Host.

humroben

Member
Jun 6, 2017
I'm trying to configure my Proxmox hosts with an external firewall (e.g. pfsense). I've got the basic iptables masquerading rules configured; however, something in the network configuration on the host is preventing the VM from being reached on a port such as port 80.

I've configured the basic network as follows:
Code:
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

iface eth2 inet manual

iface eth3 inet manual

auto vmbr0
iface vmbr0 inet static
    address 10.10.0.101
    netmask 255.255.0.0
    gateway 10.10.0.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

I can connect to a VM on SSH, but from what I've found out, this is because the host itself is listening on the default port, 22. Whereas port 80 returns the following:
Code:
root@Prox-01:~# curl 10.10.1.200
curl: (7) Failed to connect to 10.10.1.200 port 80: No route to host

root@Prox-01:~# ping 10.10.1.200
PING 10.10.1.200 (10.10.1.200) 56(84) bytes of data.
64 bytes from 10.10.1.200: icmp_seq=65 ttl=64 time=0.472 ms

Here is the VM web resource:
Code:
[root@Prox-VM-01 ~]# lsof -i:80
COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   1005  root    6u  IPv4  17447      0t0  TCP *:http (LISTEN)
nginx   1006 nginx    6u  IPv4  17447      0t0  TCP *:http (LISTEN)

[root@Prox-VM-01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 66:8e:13:44:10:6d brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.200/16 brd 10.10.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::7399:9f1c:b352:1515/64 scope link
       valid_lft forever preferred_lft forever

All connections from the VM to the outside are working without any issues.

I want to try and get this working without the need to implement iptables rules, as I shouldn't need to, but I can't figure out why this isn't working. Any help on this would be appreciated.
 
In bridge mode (the PVE default), you do not need any iptables/firewalling on the PVE hosts to make the VM accessible on the LAN.

check that:
* the NIC of your VM is located on the vmbr0 bridge:
qm config my_vmid | grep ^net0
net0: virtio=5A:99:B2:45:82:5A,bridge=vmbr0
* disable firewall on the host
* disable firewall on the guest

* after that you should be able to connect via curl to the VM from anywhere on your LAN
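
Added example (not part of either post and not Proxmox's own tooling): a POSIX shell function that automates the first check in the reply by reading `qm config <vmid>` output and reporting, per NIC, which bridge it is attached to and whether the per-NIC `firewall=1` option is set. The function name `check_vm_nics`, its output format and the `net1` sample line are made up for illustration.

```shell
#!/bin/sh
# check_vm_nics EXPECTED_BRIDGE
# Reads `qm config <vmid>` output on stdin and prints one line per netN device:
#   <dev> bridge=<name|-> firewall=<0|1> <OK|WRONG_BRIDGE|NO_BRIDGE>
# Returns 0 only if at least one NIC exists and every NIC is on EXPECTED_BRIDGE.
# On a PVE host:  qm config my_vmid | check_vm_nics vmbr0
check_vm_nics() {
    awk -v want="$1" '
        /^net[0-9]+:/ {
            # Device name is everything before the first colon.
            dev = $0;  sub(/:.*/, "", dev)
            # The rest is a comma-separated list of key=value options.
            opts = $0; sub(/^net[0-9]+:[ \t]*/, "", opts)
            bridge = ""; fw = 0
            n = split(opts, kv, ",")
            for (i = 1; i <= n; i++) {
                if (kv[i] ~ /^bridge=/)    { bridge = substr(kv[i], 8) }
                if (kv[i] == "firewall=1") { fw = 1 }
            }
            if (bridge == "")        { state = "NO_BRIDGE";    bad = 1 }
            else if (bridge != want) { state = "WRONG_BRIDGE"; bad = 1 }
            else                     { state = "OK" }
            printf "%s bridge=%s firewall=%d %s\n", dev, (bridge == "" ? "-" : bridge), fw, state
            seen = 1
        }
        END { exit (seen && !bad) ? 0 : 1 }
    '
}

# Constructed sample input: net0 is the line quoted in the reply, net1 is made up.
sample='net0: virtio=5A:99:B2:45:82:5A,bridge=vmbr0
net1: virtio=5A:99:B2:45:82:5B,bridge=vmbr1,firewall=1'
printf '%s\n' "$sample" | check_vm_nics vmbr0 || echo "at least one NIC needs attention"
```

A NIC reported with `firewall=1` is one where Proxmox firewall rules can apply if that firewall is enabled, which is the place to look before turning the host firewall off entirely.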
 
