Webgui not accessible from vmbr2

G

gwabber

New Member
Oct 20, 2024
5
1
3
hey all,

I can't access my webinterface from the new bridge I made in Proxmox.

I followed these steps:
- I added a USB3 network adapter
- I attached the adapter to vmbr2 via the GUI
- gave the bridge an IP in the range of the subnet and set the gateway
- connected VM's to vmbr2
- added firewall rules that allowed access to the GUI from vmbr2


The vm's connected to vmbr2 work fine and get an IP from the subnet, but I can't access the webgui from the IP I set for vmbr2. The gui is perfectly accessible from vmbr0.

Did I forget something?

Thanks in advance!
 
gwabber said:
- I attached the adapter to vmbr2 via the GUI
- gave the bridge an IP in the range of the subnet and set the gateway
Click to expand...
This sounds wrong. Please post the output of

Basic network information:
  • ip address show # currently active IP addresses on one NODE
  • cat /etc/network/interfaces # configuration of the network
Oh, and please put each command in a separate [CODE]...[/CODE]-block for better readability. Enter those tags verbatim or click the "</>"-symbol at the top of the editor.
 
@UdoB thanks for your reply!

The details:
Code: 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 40:b0:34:f6:da:25 brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
3: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 40:b0:34:f6:da:25 brd ff:ff:ff:ff:ff:ff
    inet 192.168.178.50/24 brd 192.168.178.255 scope global dynamic vmbr0
       valid_lft 7078sec preferred_lft 7078sec
    inet6 XXXXXXXXXX:178:42b0:34ff:fef6:da25/64 scope global dynamic mngtmpaddr 
       valid_lft 86373sec preferred_lft 14373sec
    inet6 XXXXXXXXXX:78:42b0:34ff:fef6:da25/64 scope global dynamic mngtmpaddr 
       valid_lft 86373sec preferred_lft 14373sec
    inet6 fe80::42b0:34ff:fef6:da25/64 scope link 
       valid_lft forever preferred_lft forever
4: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 4a:88:88:46:5b:68 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4888:88ff:fe46:5b68/64 scope link 
       valid_lft forever preferred_lft forever
14: tap104i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 52:73:a2:f3:c6:ca brd ff:ff:ff:ff:ff:ff
272: enxf8e43b10883e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UP group default qlen 1000
    link/ether f8:e4:3b:10:88:3e brd ff:ff:ff:ff:ff:ff
273: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f8:e4:3b:10:88:3e brd ff:ff:ff:ff:ff:ff
    inet6 XXXXXXXXXX:1:fae4:3bff:fe10:883e/64 scope global dynamic mngtmpaddr 
       valid_lft 85865sec preferred_lft 13865sec
    inet6 XXXXXXXXXX:1:fae4:3bff:fe10:883e/64 scope global dynamic mngtmpaddr 
       valid_lft 85865sec preferred_lft 13865sec
    inet6 fe80::8825:8cff:fee6:511/64 scope link 
       valid_lft forever preferred_lft forever
27: veth108i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:66:11:09:5b:36 brd ff:ff:ff:ff:ff:ff link-netnsid 3
288: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr101i0 state UNKNOWN group default qlen 1000
    link/ether 72:f2:13:b5:1e:83 brd ff:ff:ff:ff:ff:ff
289: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether de:69:58:4e:ab:26 brd ff:ff:ff:ff:ff:ff
290: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr2 state UP group default qlen 1000
    link/ether b2:63:85:e8:a1:01 brd ff:ff:ff:ff:ff:ff
291: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether de:69:58:4e:ab:26 brd ff:ff:ff:ff:ff:ff
292: tap109i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr109i0 state UNKNOWN group default qlen 1000
    link/ether d2:e3:d3:81:96:36 brd ff:ff:ff:ff:ff:ff
293: fwbr109i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 42:6a:61:2f:b8:59 brd ff:ff:ff:ff:ff:ff
294: fwpr109p0@fwln109i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr2 state UP group default qlen 1000
    link/ether ca:55:c5:a1:ad:ef brd ff:ff:ff:ff:ff:ff
295: fwln109i0@fwpr109p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr109i0 state UP group default qlen 1000
    link/ether 42:6a:61:2f:b8:59 brd ff:ff:ff:ff:ff:ff
53: veth107i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr107i0 state UP group default qlen 1000
    link/ether fe:0c:71:3e:fc:58 brd ff:ff:ff:ff:ff:ff link-netnsid 2
54: fwbr107i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d6:f1:b8:bb:92:a7 brd ff:ff:ff:ff:ff:ff
55: fwpr107p0@fwln107i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether a6:af:dd:8e:fe:cf brd ff:ff:ff:ff:ff:ff
56: fwln107i0@fwpr107p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr107i0 state UP group default qlen 1000
    link/ether d6:f1:b8:bb:92:a7 brd ff:ff:ff:ff:ff:ff
74: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
    link/ether 4e:c6:00:40:75:d0 brd ff:ff:ff:ff:ff:ff
75: tap113i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr113i0 state UNKNOWN group default qlen 1000
    link/ether 96:89:61:0d:c0:20 brd ff:ff:ff:ff:ff:ff
76: fwbr113i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 2e:aa:5e:3d:2b:db brd ff:ff:ff:ff:ff:ff
77: fwpr113p0@fwln113i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 3e:a0:83:ed:a4:97 brd ff:ff:ff:ff:ff:ff
78: fwln113i0@fwpr113p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr113i0 state UP group default qlen 1000
    link/ether 2e:aa:5e:3d:2b:db brd ff:ff:ff:ff:ff:ff
79: tap102i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr102i0 state UNKNOWN group default qlen 1000
    link/ether 76:38:67:13:c1:8e brd ff:ff:ff:ff:ff:ff
80: fwbr102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a2:91:05:8f:26:bf brd ff:ff:ff:ff:ff:ff
81: fwpr102p0@fwln102i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 56:df:14:36:20:c7 brd ff:ff:ff:ff:ff:ff
82: fwln102i0@fwpr102p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr102i0 state UP group default qlen 1000
    link/ether a2:91:05:8f:26:bf brd ff:ff:ff:ff:ff:ff
87: tap110i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr110i0 state UNKNOWN group default qlen 1000
    link/ether 8e:00:f6:cf:16:c4 brd ff:ff:ff:ff:ff:ff
88: fwbr110i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6e:98:80:54:eb:21 brd ff:ff:ff:ff:ff:ff
89: fwpr110p0@fwln110i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 9a:35:4f:7d:97:30 brd ff:ff:ff:ff:ff:ff
90: fwln110i0@fwpr110p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr110i0 state UP group default qlen 1000
    link/ether 6e:98:80:54:eb:21 brd ff:ff:ff:ff:ff:ff
161: veth105i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
    link/ether fe:1a:ec:29:b4:39 brd ff:ff:ff:ff:ff:ff link-netnsid 0
162: fwbr105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a6:53:49:b8:3d:7a brd ff:ff:ff:ff:ff:ff
163: fwpr105p0@fwln105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether a6:e0:65:bc:a7:54 brd ff:ff:ff:ff:ff:ff
164: fwln105i0@fwpr105p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
    link/ether a6:53:49:b8:3d:7a brd ff:ff:ff:ff:ff:ff
165: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5e:89:64:bd:e3:b5 brd ff:ff:ff:ff:ff:ff
166: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 8a:a7:bf:dd:95:4a brd ff:ff:ff:ff:ff:ff
167: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether 5e:89:64:bd:e3:b5 brd ff:ff:ff:ff:ff:ff
216: tap111i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr111i0 state UNKNOWN group default qlen 1000
    link/ether 1a:e2:f0:26:72:47 brd ff:ff:ff:ff:ff:ff
217: fwbr111i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4e:20:72:1c:bb:aa brd ff:ff:ff:ff:ff:ff
218: fwpr111p0@fwln111i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 4e:0e:6f:31:50:c7 brd ff:ff:ff:ff:ff:ff
219: fwln111i0@fwpr111p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr111i0 state UP group default qlen 1000
    link/ether 4e:20:72:1c:bb:aa brd ff:ff:ff:ff:ff:ff

Code: 
auto lo
iface lo inet loopback

iface eno1 inet manual

iface enxf8e43b10883e inet manual

auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

iface vmbr0 inet6 auto
        accept_ra 2

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0

auto vmbr2
iface vmbr2 inet static
        address 192.168.1.202/24
        gateway 192.168.1.1
        bridge-ports enxf8e43b10883e
        bridge-stp off
        bridge-fd 0
 
Okay, your vmbr0 has "inet 192.168.178.50/24" which is probably a Fritz!Box via DHCP. This may work now but probably it is not stable on the long run. It makes trouble shooting harder and it has the potential to reboot a whole cluster because those addresses may change and neither corosync nor /etc/hosts does know about that. In short: do not do that. Read about static configuration: https://pve.proxmox.com/wiki/Network_Configuration#_default_configuration_using_a_bridge . And make sure /etc/hosts contains valid and stable information. This has nothing to do with your indicated problem though...

interfaces shows vmbr2 = 192.168.1.202. That's fine.

gwabber said:
The vm's connected to vmbr2 work fine and get an IP from the subnet, but I can't access the webgui from the IP I set for vmbr2.
Click to expand...
That's surprising indeed.

Usually the Web-Gui is listening on all interfaces. Restart it and verify it is "active (running)":
Code: 
~# systemctl  restart pveproxy.service 
~# systemctl  status  pveproxy.service

Then look at the actual process and verify the address, it should look like this:
Code: 
~# ss -tlpn
State                 Recv-Q                Send-Q                               Local Address:Port                                Peer Address:Port               Process                                                                                                                                                     

LISTEN                0                     4096                                             *:8006                                           *:*                   users:(("pveproxy worker",pid=28929,fd=6),("pveproxy worker",pid=28928,fd=6),("pveproxy worker",pid=28927,fd=6),("pveproxy",pid=28926,fd=6))
Sorry for the wide screen. The important bit is Local Address:Port - *:8006 which means "all addresses, on port 8006".

When you have a client in that network - and that's what I take from your first post - it will answer to "https://192.168.1.202:8006".

Again: note that there is no router in your setup. That address can only be reached from systems with an address inside of that network.

Try that again and describe your client if it does not work...
 
Hey @UdoB ,

Okay, your vmbr0 has "inet 192.168.178.50/24" which is probably a Fritz!Box via DHCP.
Click to expand...
It is not a Fritzbox, but an OPNSense firewall. I'm not planning on keeping it on DHCP, but I set it this way because I was testing stuff with different routers and I didn't want to have to change the IP address constantly. The IP is fixed in the ISC DHCP server though.

The second NIC is connected to another vlan with the 192.168.1.x subnet, so all the clients on that net get an IP in that range.

I'm gonna try your troubleshoot steps. I will let you know what the result is!

EDIT:
the pveproxy is running without errors, also after restarting it. The wildcard *:8006 is okay when I check it with the ss - tlpn command.
I've tried to SSH in the machine, but it says there;s no root to host. SSH into a virtual machine connected to vmbr2 works fine. Are there maybe other settings i havent looked into?
 
Last edited:
gwabber said:
Thanks for your help @UdoB ! This topic may close :)
Click to expand...
Great that I could help you.

You may tag this thread "Solved" by editing the first post - there is a drop-down menu for this; and then click "Like" for my posts ;-)
 
You must log in or register to reply here.
Top Bottom