[SOLVED] VM's cannot access Internet - Proxmox in Google Cloud

S

sha256shah

New Member
Sep 28, 2022
6
1
3
I've installed Proxmox in a Google Cloud VM and managed to get to the point where I can create Proxmox VM's that boot up, but can't access the Internet.

The Proxmox host can access the Internet.




Network config:
1666701771849.png

Host /etc/network/interfaces file
Code: 
auto lo
iface lo inet loopback

auto ens4
iface ens4 inet static
        address 10.154.0.14/20
        gateway 10.154.0.1

iface ens5 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.0.0.242/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o ens4 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o ens4 -j MASQUERADE


source-directory /etc/network/interfaces.d
source-directory /run/network/interfaces.d

IP Config of Host
Code: 
root@proxmox-host-2:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 42:01:0a:9a:00:0e brd ff:ff:ff:ff:ff:ff
    altname enp0s4
    inet 10.154.0.14/20 scope global ens4
       valid_lft forever preferred_lft forever
    inet6 fe80::4001:aff:fe9a:e/64 scope link
       valid_lft forever preferred_lft forever
3: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP group default qlen 1000
    link/ether 42:01:0a:00:00:f1 brd ff:ff:ff:ff:ff:ff
    altname enp0s5
    inet 10.0.0.241/32 brd 10.0.0.241 scope global dynamic ens5
       valid_lft 84060sec preferred_lft 84060sec
    inet6 fe80::4001:aff:fe00:f1/64 scope link
       valid_lft forever preferred_lft forever
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 72:d3:45:16:10:c5 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.242/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::70d3:45ff:fe16:10c5/64 scope link
       valid_lft forever preferred_lft forever
5: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 32:c3:81:bf:b9:20 brd ff:ff:ff:ff:ff:ff
6: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether ba:c2:ba:45:a3:8f brd ff:ff:ff:ff:ff:ff

Host IP routing info
Code: 
root@proxmox-host-2:~# ip r
default via 10.154.0.1 dev ens4 proto kernel onlink
10.0.0.0/24 dev vmbr0 proto kernel scope link src 10.0.0.242
10.0.0.1 dev ens5 scope link
10.154.0.0/20 dev ens4 proto kernel scope link src 10.154.0.14

Ping from host:
Code: 
root@proxmox-host-2:~# ping -c2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=1.29 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=122 time=0.882 ms

--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.882/1.087/1.293/0.205 ms



VM IP Config (Kali Linux)
1666702646713.png

VM route
1666702933314.png

Ping from VM
1666703259332.png


Not sure where to go from here.

EDIT:
I've tried Routed and Masquerading (NAT) network configs but have the same problem with both.
 
Last edited:
mira said:
Do you have the host firewall enabled? If so, try adding the following from the docs [0]:
Code: 
post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1


[0] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#sysadmin_network_configuration (3.3.6)
Click to expand...

Oh dear, I did enable the firewall for debugging purposes (enabled logging) but did not add the above!!

I also found another problem with the default gateway because I had changed the IP address of the host without updating it in the VMs.

With both corrected, I can now access the Internet from the VMs!!!! :) Thank you so much.

Having so many layers of networking and firewalls (Proxmox VM, Proxmox host, GCloud VM, GCloud network, etc.) still makes the whole thing very complicated.
 
Last edited:
  • Like
Reactions: FarVision
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom