Weird network problem with Proxmox 1.7 and 1.8

[maurizio.omissoni]

since 2 days i try to solve a problem that makes me desperate.
i have 2 networks:

net80:
192.168.80.0/24
gateway 192.168.80.1

net8:
192.168.8.0/24
gateway 192.168.8.1
proxmox server 192.168.8.242

both are connected via VPN and everything worked fine for months.
i know, something have been changed but i cannot figure out what.

Problem:
since 2 days the proxmox-server in net8 cannot communicate to outside, even the own gateway 192.168.8.1 is not pingable while net80 can access everything in net8 (ping, ssh, PM-webgui and so on). a one way behavour. proxmox in net8 can only communicate with its own virtual machines.

i tried this:
1) i booted a live-CD (Ubuntu 10.10) in the proxmox-server and communication is perfect in both directions. so it is not a hardware problem (cable, NIC)
2) i installed e fresh proxmox VE 1.8 on a separate disk. same problem.
3) i temporarly disactivated the firewall in gateway 192.168.8.1. the problem persists! own gateway is still unreachable, so, communication from proxmox to outside anyway fails.

my conclusions: the problem is in the network configuration of my proxmox-system

Further informations:

---------------------------------------------------------------

/etc/network/interfaces of proxmox in net8 is like this:

# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
address 192.168.8.242
netmask 255.255.255.0
gateway 192.168.8.1
bridge_ports eth0
bridge_stp off
bridge_fd 0

---------------------------------------------------------------

pve-zh2:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.8.0 * 255.255.255.0 U 0 0 0 vmbr0
default 192.168.8.1 0.0.0.0 UG 0 0 0 vmbr0

---------------------------------------------------------------

pve-zh2:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:04:23:dc:14:d0
inet6 addr: fe80::204:23ff:fedc:14d0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2193 errors:0 dropped:0 overruns:0 frame:0
TX packets:4046 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:241187 (235.5 KiB) TX bytes:441521 (431.1 KiB)
Interrupt:18 Memory:b8820000-b8840000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:264 errors:0 dropped:0 overruns:0 frame:0
TX packets:264 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:141704 (138.3 KiB) TX bytes:141704 (138.3 KiB)

tap111i0d0 Link encap:Ethernet HWaddr a2:b5:dc:d0:94:88
inet6 addr: fe80::a0b5:dcff:fed0:9488/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1213 errors:0 dropped:0 overruns:0 frame:0
TX packets:247 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:128527 (125.5 KiB) TX bytes:69225 (67.6 KiB)

tap118i0d0 Link encap:Ethernet HWaddr 9a:51:65:37:e0:80
inet6 addr: fe80::9851:65ff:fe37:e080/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1675 errors:0 dropped:0 overruns:0 frame:0
TX packets:1790 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:155038 (151.4 KiB) TX bytes:158198 (154.4 KiB)

tap119i0d0 Link encap:Ethernet HWaddr 12:bb:a4:67:c9:13
inet6 addr: fe80::10bb:a4ff:fe67:c913/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:144 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:2103 (2.0 KiB) TX bytes:21543 (21.0 KiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vmbr0 Link encap:Ethernet HWaddr 00:04:23:dc:14:d0
inet addr:192.168.8.242 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::204:23ff:fedc:14d0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:426 errors:0 dropped:0 overruns:0 frame:0
TX packets:1114 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:48150 (47.0 KiB) TX bytes:154637 (151.0 KiB)

---------------------------------------------------------------

pve-zh2:~# cat /etc/udev/rules.d/70-persistent-net.rules
# This file was automatically generated by the /lib/udev/write_net_rules
# program run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.

# PCI device 0x8086:0x1096 (e1000e)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:04:23:dc:14:d0", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x8086:0x1096 (e1000e)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:04:23:dc:14:d1", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

---------------------------------------------------------------

pve-zh2:~# cat /etc/resolv.conf
search openfau.lan
nameserver 192.168.8.1
nameserver 192.168.80.1
nameserver 164.128.76.39

 

[udo]

Hi,
in your listing i can't see the second network. How is it connected?
Who supported the vpn - the proxmox-host?

Show please the whole content of /etc/network/interfaces.

And also "ipconfig -a" and "ip route".

Udo

 

[maurizio.omissoni]

Hello all, hello Udo
thx for your reply. (ist es nützlicher wenn ich auf deutsch schreibe?)

in your listing i can't see the second network.

i guess you mean net80. the listings there are irrelevant as it works fine to other VPN-nets since years.
the real problem is that proxmox VE within net8 cannot reach his own gateway 192.168.8.1, other machines within net8 can.
So, it is a specific networking problem of my proxmox-VE in net8.

How is it connected?
Who supported the vpn - the proxmox-host?

the VPN is supported by Zyxel Firewalls:
net8 hast a Zyxel USG200 (192.168.8.1)
net80 has a Zyxel 5 (192.168.80.1)

they worked fine for months

Show please the whole content of /etc/network/interfaces.

it is the whole content

And also "ipconfig -a" and "ip route".

you mean ifconfig -a? it's almost identical as what i showed

pve-zh2:~# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:04:23:dc:14:d0
inet6 addr: fe80::204:23ff:fedc:14d0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2511546 errors:0 dropped:0 overruns:0 frame:0
TX packets:1431530 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3517824789 (3.2 GiB) TX bytes:104487613 (99.6 MiB)
Interrupt:18 Memory:b8820000-b8840000

eth1 Link encap:Ethernet HWaddr 00:04:23:dc:14:d1
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:19 Memory:b8800000-b8820000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:619 errors:0 dropped:0 overruns:0 frame:0
TX packets:619 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:199744 (195.0 KiB) TX bytes:199744 (195.0 KiB)

tap111i0d0 Link encap:Ethernet HWaddr a2:b5:dc:d0:94:88
inet6 addr: fe80::a0b5:dcff:fed0:9488/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1364401 errors:0 dropped:0 overruns:0 frame:0
TX packets:2461781 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:95905552 (91.4 MiB) TX bytes:3513956493 (3.2 GiB)

tap118i0d0 Link encap:Ethernet HWaddr 9a:51:65:37:e0:80
inet6 addr: fe80::9851:65ff:fe37:e080/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:45628 errors:0 dropped:0 overruns:0 frame:0
TX packets:46865 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:4779896 (4.5 MiB) TX bytes:3758124 (3.5 MiB)

tap119i0d0 Link encap:Ethernet HWaddr 12:bb:a4:67:c9:13
inet6 addr: fe80::10bb:a4ff:fe67:c913/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:319 errors:0 dropped:0 overruns:0 frame:0
TX packets:1155 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:18682 (18.2 KiB) TX bytes:218961 (213.8 KiB)

venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vmbr0 Link encap:Ethernet HWaddr 00:04:23:dc:14:d0
inet addr:192.168.8.242 Bcast:192.168.8.255 Mask:255.255.255.0
inet6 addr: fe80::204:23ff:fedc:14d0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4604 errors:0 dropped:0 overruns:0 frame:0
TX packets:20843 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:417032 (407.2 KiB) TX bytes:1906357 (1.8 MiB)

pve-zh2:~# ip route
192.168.8.0/24 dev vmbr0 proto kernel scope link src 192.168.8.242
default via 192.168.8.1 dev vmbr0

pve-zh2:~# time ping 192.168.8.1
PING 192.168.8.1 (192.168.8.1) 56(84) bytes of data.
^C
--- 192.168.8.1 ping statistics ---
297 packets transmitted, 0 received, 100% packet loss, time 297696ms


real 4m57.852s
user 0m0.000s
sys 0m0.008s

pve-zh2:~# ssh admin@192.168.8.1
ssh: connect to host 192.168.8.1 port 22: Connection timed out

it is an esoteric situation

is there a detailed documentation about the networking sistem in kvm/proxmox ? i did not find usable infos.
thx for any help
Mauri

 

[udo]

Hello all, hello Udo
thx for your reply. (ist es nützlicher wenn ich auf deutsch schreibe?)

hi,
my english is very bad, but this is an english forum so please english only.

i guess you mean net80. the listings there are irrelevant as it works fine to other VPN-nets since years.
the real problem is that proxmox VE within net8 cannot reach his own gateway 192.168.8.1, other machines within net8 can.
So, it is a specific networking problem of my proxmox-VE in net8.

do you have any iptable-entrys on the pvehost?
You should use tcpdump to find the problem. Like "tcpdump -i eth0 host 192.168.8.1" while you ping the gateway. If all works you should see packets in both directions.
Look with "arp" if your pve-host know the router. See also on the gateway. Perhaps the gateway disable the pve-host because more IP-Adresses came from the mac-address of eth0.

the VPN is supported by Zyxel Firewalls:
net8 hast a Zyxel USG200 (192.168.8.1)
net80 has a Zyxel 5 (192.168.80.1)

they worked fine for months

it is the whole content

you mean ifconfig -a? it's almost identical as what i showed

right! sorry ipconfig is in winworld...

it is an esoteric situation

is there a detailed documentation about the networking sistem in kvm/proxmox ? i did not find usable infos.
thx for any help
Mauri

pve use normal linux networking with bridges. bridges are like an network-hub. All devices (eth0, vmbr0, devices of the VMs which use vmbr0) are connected together.

Udo

 

[maurizio.omissoni]

Hello
your english is not bad at all! thank you for replying.

i want to remember, that the same problem persists when i install a new pve 1.8 on the same hardware, but a live-cd on the same hardware works fine.

iptables could be a good reason of my problem, but no rules are active

pve-zh2:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

and when i try to tcpdump eth0 or vmbr0 on one shell while pinging the gateway (192.168.8.1) on another shell - both of pve in net8 - then i get following results (list reduced)

pve-zh2:~# tcpdump -i eth0 host 192.168.8.1 -vv
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:20:28.340182 arp who-has 192.168.8.3 tell 192.168.8.1
09:20:28.340575 arp reply 192.168.8.3 is-at 7a:be:16:e8:1c:ce (oui Unknown)
09:20:28.340627 IP (tos 0x0, ttl 64, id 137, offset 0, flags [DF], proto UDP (17), length 70) pve-zh2.openfau.lan.51868 > 192.168.8.1.domain: [bad udp cksum ca30!] 21150+ PTR? 3.8.168.192.in-addr.arpa. (42)
09:20:34.828038 arp who-has 192.168.8.1 tell 192.168.8.20
09:20:34.828333 arp reply 192.168.8.1 is-at 40:4a:03:23:49:41 (oui Unknown)
09:20:35.231184 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 1, length 64
.
.
09:20:38.256163 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 4, length 64
09:20:38.940320 arp who-has 192.168.8.1 tell 192.168.8.3
09:20:38.940601 arp reply 192.168.8.1 is-at 40:4a:03:23:49:41 (oui Unknown)
09:20:39.264184 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 5, length 64
.
.
09:20:42.288162 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 8, length 64
09:20:42.351402 IP (tos 0x0, ttl 64, id 138, offset 0, flags [DF], proto UDP (17), length 70) pve-zh2.openfau.lan.51868 > 192.168.8.1.domain: [bad udp cksum ca30!] 21150+ PTR? 3.8.168.192.in-addr.arpa. (42)
09:20:43.296063 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 9, length 64
.
.
09:20:51.360160 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 17, length 64
09:20:52.368061 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 18, length 64
09:20:53.263044 arp who-has 192.168.8.3 tell 192.168.8.1
09:20:53.263286 arp reply 192.168.8.3 is-at 7a:be:16:e8:1c:ce (oui Unknown)
09:20:53.376163 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 19, length 64
09:20:54.384066 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 20, length 64
09:20:55.392212 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 21, length 64
09:20:56.365584 IP (tos 0x0, ttl 64, id 7143, offset 0, flags [DF], proto UDP (17), length 70) pve-zh2.openfau.lan.45145 > 192.168.8.1.domain: [bad udp cksum a65f!] 15879+ PTR? 1.8.168.192.in-addr.arpa. (42)
09:20:56.400123 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 22, length 64
09:20:57.408162 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 23, length 64
09:20:58.416162 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 24, length 64
09:20:59.183717 arp who-has 192.168.8.20 tell 192.168.8.1
09:20:59.183882 arp reply 192.168.8.20 is-at 7e:8f:12:d7:f1:f4 (oui Unknown)
09:20:59.424181 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 25, length 64
.
.
09:21:08.496165 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 34, length 64
09:21:08.667308 arp who-has 192.168.8.1 tell 192.168.8.3
09:21:08.667574 arp reply 192.168.8.1 is-at 40:4a:03:23:49:41 (oui Unknown)
09:21:09.504186 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 35, length 64
09:21:10.374598 IP (tos 0x0, ttl 64, id 7144, offset 0, flags [DF], proto UDP (17), length 70) pve-zh2.openfau.lan.45145 > 192.168.8.1.domain: [bad udp cksum a65f!] 15879+ PTR? 1.8.168.192.in-addr.arpa. (42)
09:21:10.512185 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 36, length 64
.
.
09:21:17.567743 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 43, length 64
09:21:18.533667 arp who-has 192.168.8.1 tell pve-zh2.openfau.lan
09:21:18.533963 arp reply 192.168.8.1 is-at 40:4a:03:23:49:41 (oui Unknown)
09:21:18.576375 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 44, length 64
.
.
09:21:23.616164 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 49, length 64
09:21:24.387763 IP (tos 0x0, ttl 64, id 14149, offset 0, flags [DF], proto UDP (17), length 71) pve-zh2.openfau.lan.42245 > 192.168.8.1.domain: [bad udp cksum e25e!] 21217+ PTR? 20.8.168.192.in-addr.arpa. (43)
09:21:24.624180 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 50, length 64
.
.
09:21:28.656163 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 54, length 64
09:21:29.397262 arp who-has pve-zh2.openfau.lan tell 192.168.8.1
09:21:29.397272 arp reply pve-zh2.openfau.lan is-at 00:04:23:dc:14:d0 (oui Unknown)
09:21:29.664182 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 55, length 64
.
.
09:21:37.728165 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 63, length 64
09:21:38.400719 IP (tos 0x0, ttl 64, id 14150, offset 0, flags [DF], proto UDP (17), length 71) pve-zh2.openfau.lan.42245 > 192.168.8.1.domain: [bad udp cksum e25e!] 21217+ PTR? 20.8.168.192.in-addr.arpa. (43)
09:21:38.736146 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 64, length 64
09:21:39.238343 arp who-has 192.168.8.3 tell 192.168.8.1
09:21:39.238355 arp who-has 192.168.8.20 tell 192.168.8.1
09:21:39.238514 arp reply 192.168.8.20 is-at 7e:8f:12:d7:f1:f4 (oui Unknown)
09:21:39.238595 arp reply 192.168.8.3 is-at 7a:be:16:e8:1c:ce (oui Unknown)
09:21:39.744182 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 65, length 64
.
.
09:21:52.848160 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84) pve-zh2.openfau.lan > 192.168.8.1: ICMP echo request, id 32560, seq 78, length 64
^C
104 packets captured
104 packets received by filter
0 packets dropped by kernel

My Easter is kaput spending time for this problem. i study now the networking system of qemu/kvm. but when in the meanwhile somebody can help me, i will light 5 candles for salvation of your soul
cheers
Mauri

 

[spirit]

so, it's like icmp packets never return.

Maybe an arp problem with your proxmox host mac address ?

which interface does your vms used ? can your vm ping the gateway ?

 

[udo]

so, it's like icmp packets never return.

Maybe an arp problem with your proxmox host mac address ?

which interface does your vms used ? can your vm ping the gateway ?

Hi,
curios is, that an arp-question came for eth0 (00:04:23:dc:14:d0) - also the answer.

Has the pve-host, bootet with live-cd the same IP? What happens, if you use the same IP on the live-cd, or the same live-cd-ip on the pve-host? (unvalid arp-entry on gateway?).

Also strange is the bad udp-checksum - ping is icmp so i assume it's came through the nameserver questions.

Have you tried another driver for the nic? E.g. another pve-kernel (like 2.6.35 instead of 2.6.32, or 2.6.32 instead of 2.6.18).

Also the switch can have an problem - have you tried another switch-port or another switch? (i had one time a problem with an highend switch, where not all targets on the same lan are visible...).

If you use "nmap -sP 192.168.8.0/24" with pve and live-cd, do you see the same count of hosts? Except minus one for router?

Udo

 

[maurizio.omissoni]

SOLVED!!!

Hello Udo, hello spirit, hello all
thanks to your suggestions i have found the right way.
i was wrong believing the problem is in the pve network-configuration.

it was an mac/arp issue as you both suspected.

somebody activated IP/MAC binding in the gateway but forgot to register the pve and the vms inside pve

your help was essential to me. Thank you very much.
5 candles are lighted

Regards
Mauri

 

[syd]

Hi!
It seems that I have the same problem. My default gateway for ProxmoxVE is via eth0.11, not eth0. And gateways are running as KVMs on the same machine. But it doesn't mater, bcoz I would swear, that it was working like that on v1.6. Now I have 1.7 and want to update to v1.9 and, which is more important, download some new ISOs from the Internet directly to my VE, but DNS requests doesn't works on it, so i don't have Internet connection (pings works). It have been taken me 3 evenings, that I figured out that I have "bad udp cksum" on DNS requests.

So I found this thread, but I don't know what does mean this:

somebody activated IP/MAC binding in the gateway but forgot to register the pve and the vms inside pve

Can You tell, what steps should I do, to resolve the problem?

Is it bug on v1.7 and 1.8 or not?

Best Regards!