[SOLVED] Web Gui / SSH not reachable, but ping works

[MisterDeeds]

Dear all

I have a very strange problem with my 6 PVE hosts. Neither the web interface nor SSH is accessible from my PC. Ping works.



From another PC, which is in the same network, it works.


Firewall side is not blocked. Here is the network config of one of the hosts.

Spoiler: network

 network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto eno1
iface eno1 inet manual
#1G

auto eno2
iface eno2 inet manual
#1G

auto eno3
iface eno3 inet manual
#1G

auto eno4
iface eno4 inet static
        address 192.168.56.200/24
        gateway 192.168.56.1
#1G

auto enp134s0f0
iface enp134s0f0 inet manual
        mtu 9000
#25G

auto enp134s0f1
iface enp134s0f1 inet manual
        mtu 9000
#25G

auto enp26s0f0
iface enp26s0f0 inet manual
        mtu 9000
#25G

auto enp26s0f1
iface enp26s0f1 inet manual
        mtu 9000
#25G

auto bond0
iface bond0 inet manual
        bond-slaves enp134s0f0 enp134s0f1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3
        mtu 9000

auto bond0.10
iface bond0.10 inet static
        address 192.168.10.160/24
        mtu 9000

auto bond0.17
iface bond0.17 inet static
        address 192.168.17.160/24
        mtu 9000

auto bond1
iface bond1 inet manual
        bond-slaves enp26s0f0 enp26s0f1
        bond-miimon 100
        bond-mode 802.3ad
        bond-xmit-hash-policy layer2+3
        mtu 9000

auto bond0.14
iface bond0.14 inet static
        address 192.168.14.160/24
        mtu 9000

auto vmbr0
iface vmbr0 inet manual
        bridge-ports bond1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
        mtu 9000

Spoiler: pveversion

pveversion -v
proxmox-ve: 7.4-1 (running kernel: 5.15.85-1-pve)
pve-manager: 7.4-3 (running version: 7.4-3/9002ab8a)
pve-kernel-5.15: 7.4-1
pve-kernel-5.13: 7.1-9
pve-kernel-5.4: 6.4-15
pve-kernel-5.15.104-1-pve: 5.15.104-2
pve-kernel-5.15.102-1-pve: 5.15.102-1
pve-kernel-5.15.85-1-pve: 5.15.85-1
pve-kernel-5.13.19-6-pve: 5.13.19-15
pve-kernel-5.4.174-2-pve: 5.4.174-2
pve-kernel-5.4.106-1-pve: 5.4.106-1
ceph: 16.2.11-pve1
ceph-fuse: 16.2.11-pve1
corosync: 3.1.7-pve1
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.24-pve2
libproxmox-acme-perl: 1.4.4
libproxmox-backup-qemu0: 1.3.1-1
libproxmox-rs-perl: 0.2.1
libpve-access-control: 7.4-2
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.3-4
libpve-guest-common-perl: 4.2-4
libpve-http-server-perl: 4.2-3
libpve-rs-perl: 0.7.5
libpve-storage-perl: 7.4-2
libqb0: 1.0.5-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 5.0.2-2
lxcfs: 5.0.3-pve1
novnc-pve: 1.4.0-1
proxmox-backup-client: 2.4.1-1
proxmox-backup-file-restore: 2.4.1-1
proxmox-kernel-helper: 7.4-1
proxmox-mail-forward: 0.1.1-1
proxmox-mini-journalreader: 1.3-1
proxmox-offline-mirror-helper: 0.5.1-1
proxmox-widget-toolkit: 3.6.5
pve-cluster: 7.3-3
pve-container: 4.4-3
pve-docs: 7.4-2
pve-edk2-firmware: 3.20230228-2
pve-firewall: 4.3-1
pve-firmware: 3.6-4
pve-ha-manager: 3.6.0
pve-i18n: 2.12-1
pve-qemu-kvm: 7.2.0-8
pve-xtermjs: 4.16.0-1
qemu-server: 7.4-3
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.8.0~bpo11+3
vncterm: 1.7-1
zfsutils-linux: 2.1.9-pve1

is it possibly due to the MTU? My PC runs virtualized on one of the PVE hosts. I have specified 1 as the MTU, i.e. bridge.

net0: virtio=FE:7C:D2:17:A3:77,bridge=vmbr0,mtu=1,tag=99

Via the 1G interface (on which the gateway is also defined), I can reach the web interface.

Does anyone have an idea?

Thanks and best regards

 

[bbgeek17]

You have quite a bit going on there and, admittedly, I did not invest time in matching all interfaces and creating a diagram. It seems that it works when hosts are on the same subnet, but doesnt when it has to cross a router?

Have you checked for duplicate IP yet? Compare ARP/IP pairs between the host that works and the one that doesnt.
Its unlikely to be MTU as you dont even get a TCP session to a port, based on your screenshot. However, it could be a misconfiguration of a bond, for example.
Has this ever worked before? If it has - what changed?

I would recommend breaking up the problem into pieces and trying each part separately, simplify your environment troubleshooting as much as you can.

P.S. assuming all 6 nodes are configured identically network-wise, check that you can SSH and access GUI cross-node for each interface. You can use "curl -sk https://IP:8006" for UI access test.

---

Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox

 

[MisterDeeds]

Dear bbgeek17

Thanks for the reply and the inputs. And sorry for the late feedback. We are running two firewalls with separate internet connections that route different networks. In the end it was a firewall rule that not allowed a connection from network A of firewall A into network B of firewall B. How embarrassing...

But thanks for the help!