[SOLVED] VMs are not reachable from outside (Hetzner, Routed Setup)

ThomasH

Jun 4, 2019
Hi everybody,

I'm going crazy: my VMs are not reachable from outside via IPv4. Surely a configuration problem, but I can't find it.

First I configured all my servers for IPv6 only; all went fine until I found out that Thunderbird has trouble with IPv6 addresses (but this is another topic). So I ordered two IPv4 addresses and MACs and configured them as described:

Via IPv6 all is fine, but via the IPv4 addresses I can't reach the VMs... :-(


HOST:

According to the configuration manual of Hetzner (https://community.hetzner.com/tutorials/install-and-configure-proxmox_ve) I did a

Code:
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1

first.

----
/etc/network/interfaces:

Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet static
        address 95.216.244.184
        netmask 255.255.255.255
        pointopoint 95.216.244.129
        gateway 95.216.244.129

iface eno1 inet6 static
        address 2a01:4f9:2b:26ec::2/128
        gateway fe80::1
        up sysctl -p

auto vmbr0
iface vmbr0 inet static
        address 95.216.244.184
        netmask 255.255.255.255
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        up ip route add 95.216.244.147/32 dev vmbr0
        up ip route add 95.216.244.154/32 dev vmbr0

iface vmbr0 inet6 static
        address 2a01:4f9:2b:26ec::2:1/64
        up ip -6 route add 2a01:4f9:2b:26ec::/64 dev vmbr0

----

Guest system:

/etc/network/interfaces:
Code:
source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto ens18
iface ens18 inet static
        address 95.216.244.154
        netmask 255.255.255.255
        pointopoint 95.216.244.184
        gateway 95.216.244.184

iface eno1 inet6 static
        address 2a01:4f9:2b:26ec::2:7
        netmask 64
        gateway 2a01:4f9:2b:26ec::2:1
        up sysctl -p

Adding an "iptables ... -j MASQUERADE" helped and I was able to ping from VM to web, but not from web to VM...

Help me please to stay normal... %-)

Greetz and Thanks, Thomas
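
A consistency check for the routed setup posted above, as an added example that is not part of the original post or the Hetzner tutorial: it parses host and guest `/etc/network/interfaces` text and reports a guest address with no host route on the bridge, a `gateway` or `pointopoint` that is not the bridge address, and stanzas for an interface that no `auto`/`allow-hotplug` line brings up. The function names are hypothetical and the sample configs are abridged from the post.

```python
import ipaddress

# Added example, hypothetical names. Sample configs abridged from the post above.
HOST = """iface vmbr0 inet static
    address 95.216.244.184
    up ip route add 95.216.244.154/32 dev vmbr0
"""
GUEST = """auto ens18
iface ens18 inet static
    address 95.216.244.154
    pointopoint 95.216.244.184
    gateway 95.216.244.184
iface eno1 inet6 static
    address 2a01:4f9:2b:26ec::2:7
"""

def parse_interfaces(text):
    """Return ({(iface, family): options}, set of auto/allow-hotplug interface names)."""
    stanzas, auto, cur = {}, set(), None
    for words in (l.split() for l in text.splitlines()):
        if not words or words[0].startswith("#"):
            continue
        key, *rest = words
        if key in ("auto", "allow-hotplug"):
            auto.update(rest)
        elif key == "iface":
            cur = stanzas.setdefault((rest[0], rest[1]), {"up": []})
        elif cur is not None and key == "up":
            cur["up"].append(rest)           # keep the command as a word list
        elif cur is not None:
            cur[key] = " ".join(rest)        # address, gateway, pointopoint, ...
    return stanzas, auto

def check_routed_pair(host_text, guest_text, bridge="vmbr0"):
    br = parse_interfaces(host_text)[0].get((bridge, "inet"), {"up": []})
    guest, guest_auto = parse_interfaces(guest_text)
    # Host routes of the form "ip route add <ip>/32 dev <bridge>"
    routed = {ipaddress.ip_interface(c[3]).ip for c in br["up"]
              if c[:3] == ["ip", "route", "add"] and c[-2:] == ["dev", bridge]}
    findings = []
    for (name, family), st in guest.items():
        if name not in guest_auto:           # stanza is never brought up at boot
            findings.append(f"{name} {family}: no auto/allow-hotplug line for {name}")
        if family == "inet" and "address" in st:
            if ipaddress.ip_interface(st["address"]).ip not in routed:
                findings.append(f"{name}: host has no {bridge} route for {st['address']}")
            findings += [f"{name}: {opt} {st[opt]} is not the bridge address"
                         for opt in ("gateway", "pointopoint")
                         if opt in st and st[opt] != br.get("address")]
    return findings
```

On the configs as posted, the IPv4 side is consistent and the only finding is the guest's `iface eno1 inet6` stanza, whose interface name does not match the `auto ens18` line.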
 
Before diving into the network config, I would check if the firewall is enabled or configured only for IPv4/6 on the VMs.
 
Hi, thanks for your reply.

No, I made sure, all fw are switched off. Just to avoid this error... :)

Code:
root@proxmox ~ # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination      

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination      

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

My routes:
Code:
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         95.216.244.129  0.0.0.0         UG    0      0        0 eno1
95.216.244.129  0.0.0.0         255.255.255.255 UH    0      0        0 eno1
95.216.244.147  0.0.0.0         255.255.255.255 UH    0      0        0 vmbr0
95.216.244.154  0.0.0.0         255.255.255.255 UH    0      0        0 vmbr0

Code:
ip route show
default via 95.216.244.129 dev eno1 proto kernel onlink
95.216.244.129 dev eno1 proto kernel scope link src 95.216.244.184
95.216.244.147 dev vmbr0 scope link
95.216.244.154 dev vmbr0 scope link

Just for testing I installed an empty, clean Debian VM with IPv4 only on my Proxmox. The /etc/network/interfaces looks like this:
Code:
auto lo
iface lo inet loopback

allow-hotplug ens18
iface ens18 inet static
           address 95.216.244.154/24  # I entered a Netmask of 255.255.255.0, because "gateway not reachable" with 255.255.255.255
           gateway 95.216.244.184
           dns-nameservers 8.8.8.8
           dns-search <myDomain>.de

When the installation tried to get the advanced installation files from an FTP server, the connection failed.

Then I entered on the host machine

Code:
iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE

and it was able to go on installing. All right, seems like the error is definitely in the host. But WHERE?? O.O

Ping is possible between host and guests.

Greetz,

Thomas
 
Oh no! :-( Yesterday evening, back from work, I went on trying to fix this problem. As I always do, I looked into the histories, if possible, to see what I had done last.

Then I pinged my VMs via IPv4 and - got an answer?! O.O

After writing my last reply I ended my work and did nothing else but go home. Today I came to work, pinged my VMs... and got an answer, too!

I am really confused. Okay, it seems like some things need a rest during the night to function. :-/
 
