VM unreachable when in multiple vlans

[Fred Saunier]

Hello all,

I have configured my proxmox 7.0 host bridge to be vlan-aware. I can set up vms in different vlans and it works flawlessly, so long as the vms have only 1 NIC.

When I set up a VM to have 2 NICs, in 2 different VLANs, the vm become only reachable from its vlans, other vlan users get a timeout.

Eg:
1) VM has 1 NIC1 (eth1) in VLAN 1, with a corresponding IP - it is reachable from VLAN 1 and VLAN 80 on VLAN 1 IP.
2) add a 2nd NIC2 (eth2) to the VM, in VLAN 90 (with /32 public IP) - the vm is only reachable from VLAN 1 on VLAN 1 IP or internet on VLAN 90 IP. VLAN 80 users can no longer reach VLAN 1 IP.
3) in proxmox, move NIC1 to VLAN 80 (and keep NIC2 to VLAN 90) - only users on VLAN 80 can reach the vm on VLAN 80 IP, users on VLAN 1 get a timeout

What am I doing wrong in my setup?

[Edit: additional testing]

I made some additional tests, on a proxmox 6.4 host: inter-vlan communication works as expected.
I noticed a difference in the interfaces config file:
- on proxmox 6.4, the vlan-aware bridge has these settings, which are absent on proxmox 7.0:

    bridge-vlan-aware yes
    bridge-vids 2-4094

- adding those settings to the proxmox 7.0 bridge interface messes up inter-vlan communication even more

 

[spirit]

what is your guest network config ?

Seem that you only have a simple default gw ?
if you have 1 nic for public ip and 1 nic for private ip, you should keep default gw for public, and static routes for private networks.