VM routing oddity

mrnippy

New Member
Oct 6, 2022
Hello,

Goal: route traffic through a Proxmox VM (so that I can use ipset blacklists)

Problem: Traffic can reach the VM on 10.0.0.10, but even if other hosts on the network set their default gateways to 10.0.0.10, traffic is never sent into the VM; the hypervisor sends it onwards to 10.1.1.1 without dropping it down into 10.0.0.10.

/etc/network/interfaces:

Code:
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
        address 10.1.1.5/24
        gateway 10.1.1.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
auto vmbr0
iface vmbr0 inet static
        address 10.0.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0


Traceroute to an external IP from a physical host:
Code:
traceroute to 52.65.87.70 (52.65.87.70), 20 hops max, 60 byte packets
 1  10.1.1.5  100.496 ms  100.477 ms  100.861 ms
 2  10.1.1.1  100.926 ms  101.253 ms  101.314 ms
 3  172.16.0.1  101.755 ms  101.961 ms  102.117 ms

Traceroute to the vm from the same physical host:
Code:
traceroute to 10.0.0.10 (10.0.0.10), 20 hops max, 60 byte packets
 1  10.1.1.5  21.415 ms  21.372 ms  21.736 ms
 2  10.0.0.10  22.042 ms  22.428 ms  23.015 m

The physical host's routing table:
Code:
default via 10.0.0.10 dev wlan0 proto dhcp src 10.1.1.210 metric 600
10.0.0.10 dev wlan0 proto dhcp scope link src 10.1.1.210 metric 600
10.1.1.0/24 dev wlan0 proto kernel scope link src 10.1.1.210 metric 600

Why does the traffic not pass through the VM, even though the routes seem correct?

I do have an entire network diagram, if anyone believes it might help - I just need to edit out sensitive data.

P.S. there is a static route at 10.1.1.1 to direct 10.0.0.0/24 to 10.1.1.5
 
Here's the network map, as best I can describe it.
172.16.0.1 is a router in another house with a cross-link.
Nothing is broken there, but I left it in for transparency.

[Attachment: Screenshot_2022-10-06_10-11-00.png]
 
I have added an additional NIC on the hypervisor now, but it doesn't seem to have helped.
 