Web interface returns "refused to connect" on local network but works from vms

reinss

Member
Aug 28, 2020
I had a working configuration. After a power loss I cannot connect to the web interface from any browser on the local network where PVE resides. I can ping the server on the PVE IP, but cannot access SSH or the web GUI.
I can SSH and RDP to the VMs on this server. The web GUI can be accessed from any of its VMs.

What I have tried: renewing certs, restarting pveproxy and pvedaemon. There is no entry in the pveproxy access log when trying to access the web GUI from outside PVE's VMs.

Is it Proxmox PVE, or have I done something with my local network configuration?

curl from local network:
Bash:
curl https://10.10.10.252:8006 -k | grep title
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0curl: (7) Failed to connect to 10.10.10.252 port 8006: Connection refused

curl from vm:
Bash:
curl https://10.10.10.252:8006 -k | grep title
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2157  100  2157    0     0  61628      0 --:--:-- --:--:-- --:--:-- 63441
    <title>pve - Proxmox Virtual Environment</title>

Bash:
root@pve:~# pveversion -v
proxmox-ve: 6.2-1 (running kernel: 5.4.34-1-pve)
pve-manager: 6.2-4 (running version: 6.2-4/9824574a)
pve-kernel-5.4: 6.2-1
pve-kernel-helper: 6.2-1
pve-kernel-5.4.34-1-pve: 5.4.34-2
ceph-fuse: 12.2.11+dfsg1-2.1+b1
corosync: 3.0.3-pve1
criu: 3.11-3
glusterfs-client: 5.5-3
ifupdown: residual config
ifupdown2: 3.0.0-1+pve2
ksm-control-daemon: 1.3-1
libjs-extjs: 6.0.1-10
libknet1: 1.15-pve1
libproxmox-acme-perl: 1.0.3
libpve-access-control: 6.1-1
libpve-apiclient-perl: 3.0-3
libpve-common-perl: 6.1-2
libpve-guest-common-perl: 3.0-10
libpve-http-server-perl: 3.0-5
libpve-storage-perl: 6.1-7
libqb0: 1.0.5-1
libspice-server1: 0.14.2-4~pve6+1
lvm2: 2.03.02-pve4
lxc-pve: 4.0.2-1
lxcfs: 4.0.3-pve2
novnc-pve: 1.1.0-1
proxmox-mini-journalreader: 1.1-1
proxmox-widget-toolkit: 2.2-1
pve-cluster: 6.1-8
pve-container: 3.1-5
pve-docs: 6.2-4
pve-edk2-firmware: 2.20200229-1
pve-firewall: 4.1-2
pve-firmware: 3.1-1
pve-ha-manager: 3.0-9
pve-i18n: 2.1-2
pve-qemu-kvm: 5.0.0-2
pve-xtermjs: 4.3.0-1
qemu-server: 6.2-2
smartmontools: 7.1-pve2
spiceterm: 3.1-1
vncterm: 1.6-1
zfsutils-linux: 0.8.3-pve1

interfaces:
Bash:
root@pve:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface eno5 inet manual

iface eno6 inet manual

iface eno7 inet manual

iface eno8 inet manual

iface enp1s0f4u4 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.252/24
        gateway 10.10.10.1
        bridge-ports eno5
        bridge-stp off
        bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports eno6
        bridge-stp off
        bridge-fd 0
#for domaserv

auto vmbr2
iface vmbr2 inet manual
        bridge-ports eno7
        bridge-stp off
        bridge-fd 0
#for VPN

network:
Bash:
root@pve:~# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether 48:df:37:d9:ba:90 brd ff:ff:ff:ff:ff:ff
3: eno6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
    link/ether 48:df:37:d9:ba:91 brd ff:ff:ff:ff:ff:ff
4: eno7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr2 state UP group default qlen 1000
    link/ether 48:df:37:d9:ba:92 brd ff:ff:ff:ff:ff:ff
5: eno8: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 48:df:37:d9:ba:93 brd ff:ff:ff:ff:ff:ff
6: enp1s0f4u4: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether b6:b0:06:69:d3:6f brd ff:ff:ff:ff:ff:ff
7: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:df:37:d9:ba:90 brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.252/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::4adf:37ff:fed9:ba90/64 scope link
       valid_lft forever preferred_lft forever
8: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:df:37:d9:ba:91 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4adf:37ff:fed9:ba91/64 scope link
       valid_lft forever preferred_lft forever
9: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 48:df:37:d9:ba:92 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4adf:37ff:fed9:ba92/64 scope link
       valid_lft forever preferred_lft forever
10: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr101i0 state UNKNOWN group default qlen 1000
    link/ether 92:19:3e:e4:3b:59 brd ff:ff:ff:ff:ff:ff
11: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 8e:58:27:de:0e:c4 brd ff:ff:ff:ff:ff:ff
12: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether 46:a3:3f:e0:c2:61 brd ff:ff:ff:ff:ff:ff
13: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether 8e:58:27:de:0e:c4 brd ff:ff:ff:ff:ff:ff
14: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr102i0 state UNKNOWN group default qlen 1000
    link/ether c6:65:68:b7:c7:42 brd ff:ff:ff:ff:ff:ff
15: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:75:ca:af:c3:4a brd ff:ff:ff:ff:ff:ff
16: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr2 state UP group default qlen 1000
    link/ether 12:68:44:ce:e9:92 brd ff:ff:ff:ff:ff:ff
17: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
    link/ether 9a:75:ca:af:c3:4a brd ff:ff:ff:ff:ff:ff
 
Is the pveproxy service listening? ss -tulpn.
Same goes for the ssh service.

Can you ping and curl other machines/websites from the PVE node?
 
Bash:
root@pve:~# ss -tulpn
Netid         State          Recv-Q         Send-Q                  Local Address:Port                   Peer Address:Port
udp           UNCONN         0              0                             0.0.0.0:111                         0.0.0.0:*             users:(("rpcbind",pid=838,fd=5),("systemd",pid=1,fd=34))
udp           UNCONN         0              0                                [::]:111                            [::]:*             users:(("rpcbind",pid=838,fd=7),("systemd",pid=1,fd=36))
tcp           LISTEN         0              128                           0.0.0.0:111                         0.0.0.0:*             users:(("rpcbind",pid=838,fd=4),("systemd",pid=1,fd=33))
tcp           LISTEN         0              128                         127.0.0.1:85                          0.0.0.0:*             users:(("pvedaemon worke",pid=1784,fd=6),("pvedaemon worke",pid=1783,fd=6),("pvedaemon worke",pid=1782,fd=6),("pvedaemon",pid=1781,fd=6))
tcp           LISTEN         0              128                           0.0.0.0:22                          0.0.0.0:*             users:(("sshd",pid=998,fd=3))
tcp           LISTEN         0              128                           0.0.0.0:3128                        0.0.0.0:*             users:(("spiceproxy work",pid=10681,fd=6),("spiceproxy",pid=1259,fd=6))
tcp           LISTEN         0              100                         127.0.0.1:25                          0.0.0.0:*             users:(("master",pid=1203,fd=13))
tcp           LISTEN         0              128                           0.0.0.0:8006                        0.0.0.0:*             users:(("pveproxy worker",pid=21822,fd=6),("pveproxy worker",pid=18931,fd=6),("pveproxy worker",pid=17722,fd=6),("pveproxy",pid=8766,fd=6))
tcp           LISTEN         0              128                              [::]:111                            [::]:*             users:(("rpcbind",pid=838,fd=6),("systemd",pid=1,fd=35))
tcp           LISTEN         0              128                              [::]:22                             [::]:*             users:(("sshd",pid=998,fd=4))
tcp           LISTEN         0              100                             [::1]:25                             [::]:*             users:(("master",pid=1203,fd=14))

Can you ping and curl other machines/websites from the PVE node?
Yes.
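
An added example, not part of the original thread: a small POSIX shell helper that reads `ss -tulpn` output and reports how a TCP port is bound, which answers the "is it listening?" question above in one word per port. The function name `classify_listener` and the `sample_ss` input (lines abbreviated from the output posted above) are constructed for illustration.

```shell
#!/bin/sh
# classify_listener PORT  (hypothetical helper, reads `ss -tulpn` output on stdin)
# Prints one of:
#   wildcard - bound to 0.0.0.0, [::] or * (every interface)
#   specific - bound to one non-loopback address
#   loopback - bound only to 127.0.0.0/8 or [::1]
#   none     - no TCP listener on that port
classify_listener() {
    awk -v port="$1" '
        $1 == "tcp" && $2 == "LISTEN" {
            addr = $5                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # port is the text after the last ":"
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "0.0.0.0" || host == "[::]" || host == "*") wildcard = 1
            else if (host ~ /^127\./ || host == "[::1]") loopback = 1
            else specific = 1
        }
        END {
            if (wildcard) print "wildcard"
            else if (specific) print "specific"
            else if (loopback) print "loopback"
            else print "none"
        }'
}

# Constructed sample: a few lines abbreviated from the ss output in this thread.
sample_ss() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    127.0.0.1:85       0.0.0.0:*   users:(("pvedaemon",pid=1781,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*   users:(("sshd",pid=998,fd=3))
tcp   LISTEN 0      128    0.0.0.0:8006       0.0.0.0:*   users:(("pveproxy",pid=8766,fd=6))
tcp   LISTEN 0      128    [::]:22            [::]:*      users:(("sshd",pid=998,fd=4))
EOF
}

# 8006 = web GUI, 22 = SSH, 85 = pvedaemon (local API), 443 = not in use here
for p in 8006 22 85 443; do
    printf '%s: %s\n' "$p" "$(sample_ss | classify_listener "$p")"
done
```

On a live node, pipe the real output in with `ss -tulpn | classify_listener 8006`. Here both 8006 and 22 are wildcard listeners, so the bind address is not what stops LAN clients, which is why the thread moves on to the firewall.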
 
Did you enable the firewall?

Is the machine from which you try to access the node in the same subnet?
 
Did you enable the firewall?
Bash:
root@pve:~# systemctl status pve-firewall.service
● pve-firewall.service - Proxmox VE firewall
   Loaded: loaded (/lib/systemd/system/pve-firewall.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2020-08-30 05:41:28 EEST; 1 day 10h ago
  Process: 1217 ExecStartPre=/usr/bin/update-alternatives --set ebtables /usr/sbin/ebtables-legacy (code=exited, status=0/SUCCESS)
  Process: 1219 ExecStartPre=/usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy (code=exited, status=0/SUCCESS)
  Process: 1220 ExecStartPre=/usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy (code=exited, status=0/SUCCESS)
  Process: 1221 ExecStart=/usr/sbin/pve-firewall start (code=exited, status=0/SUCCESS)
 Main PID: 1222 (pve-firewall)
    Tasks: 1 (limit: 4915)
   Memory: 100.1M
   CGroup: /system.slice/pve-firewall.service
           └─1222 pve-firewall

Aug 30 05:41:28 pve.domagroup.local systemd[1]: Starting Proxmox VE firewall...
Aug 30 05:41:28 pve.domagroup.local pve-firewall[1222]: starting server
Aug 30 05:41:28 pve.domagroup.local systemd[1]: Started Proxmox VE firewall.

Is the machine from which you try to access the node in the same subnet?
I've tried to access the PVE server from several machines on the local network. All of them are on the same subnet, both the physical machines that cannot access the GUI and the VMs that can.
 
Well, just as a test, try to disable the firewall. Disabling it on the Datacenter level in the GUI should be enough.
 
