Windows VM has internet access but can't ping VM from local PC

gisman

Jul 19, 2024
I have a question. I work for a little group at an agency and we currently have a VMware setup with 3 host machines which contain 2 Windows web servers and 3 NAS. We connect to our agency's network, which allows us internet access, which means I don't have any control over the building network; they just give us an access point for our web servers.

The 3 Host machines are on a 10.10.17.xxx internal network and each have their own 10.10.17.xxx IP going through 10.10.17.1 gateway. The VMware management software is also on the 10.10.17.xxx network.

The agency set up a DMZ network at 10.10.11.xxx which is outside the building network and allows the outside world to connect to our web servers and download data. Each Windows Server has a 10.10.11.xxx IP connected to the 10.10.11.1 gateway.

The VMware setup works perfectly.

I'm trying to configure Proxmox to basically do the same. The machine has an ethernet card with two ports (enp8s0f0 and enp8s0f1). The node on Proxmox has an IP of 10.10.17.30, so the vmbr0 is set to a gateway of 10.10.17.1 and it's pointing to enp8s0f0.

I successfully copied over an existing Windows web server from the VMware world as a test. The problem is I haven't been successful at configuring a Linux Bridge to allow this server (10.10.11.24) to access the internet. I created a vmbr1 bridge with an IP/CIDR of 10.10.11.24/24 pointing to the second ethernet port (enp8s0f1) and set the hardware of the Windows server to use vmbr1, but it doesn't connect to the internet.

So I created a Simple SDN Zone, then created a VNet to access this zone, and then created a Subnet with the Subnet as 10.10.11.1/24 and Gateway as 10.10.11.1. I even gave it a DHCP range from 10.10.11.10 to 10.10.11.100, not sure if it really needed the range.

When it's connected to the SDN Simple Zone it can access the internet just fine but no one can see it. I can't ping it from my local PC, or another server on the same 10.10.11.xxx network, or even from Proxmox.

As a test, I switched the IP on the windows server to a 10.10.17.xxx number and connected through vmbr0. Obviously everything worked fine, I could access the internet and remote desktop to the windows server.

Is there any other configuration I need to perform on Proxmox so that the rest of the world can access this web server? Any information would be appreciated.
 
A few things that I'm noticing, so just confirming I understood this correctly:
Did you set up that 11.24 address on the vmbr and then connect it to your VM, where you ALSO set up the 11.24 address? If so, then you'd just created an IP conflict, and while network might have gotten out from that IP, any network going back in would have been "caught" and then discarded (because they didn't send the request) by Proxmox.
You should not need to set up any IP on that vmbr1, unless you would want to be able to access proxmox from this DMZ-network (which I doubt you'd want to)
And the reason why the SDN works is probably because your router is now acting as a NAT-translator, so even if your VM has 11.22, it will still look to be coming from 11.24 (your DMZ-Proxmox-IP) for any devices in the network I would guess.

Let's start out simple again:
proxmox:
vmbr0, connected to enp8s0f0, IP 10.10.17.30/24, gateway 10.10.17.1, auto-start enabled
vmbr1, connected to enp8s0f1, IP empty, gateway empty, auto-start enabled

VM 1 (your windows device):
1 network card, connected to vmbr1, no firewall enabled, no vlan set
Within the VM: IP 10.10.11.24/24 set, gateway 10.10.11.1, turn off any firewall

VM 2 (ANY VM that you can quickly spin up or create, for example a Linux live ISO of sorts):
1 network card, connected to vmbr1, no firewall enabled, no vlan set
Within the VM: IP 10.10.11.XXX/24 set (any free IP), gateway to 10.10.11.1, turn off any firewall

Now from both VMs ping the following:
each other's IP
10.10.11.1
8.8.8.8
google.com

If you can ping each other: virtual hardware is good
If you can ping 11.1: hardware is good (if you can't ping it, verify if you can from your VMware too just in case)
If you can ping 8.8.8.8: internet access is good
If you can ping google.com: DNS is good.
 
Thanks for the fast response.

All firewalls are disabled.

vmbr0 is connected to enp8s0f0, IP 10.10.17.30/24, gateway 10.10.17.1, auto-start enabled, VLAN disabled
vmbr1 is connected to enp8s0f1, IP empty, gateway empty, auto-start enabled, VLAN disabled

I set the Windows VM (10.10.11.24) and a Ubuntu VM (10.10.11.100) to vmbr1.

1) Strangely enough, both machines can not access the internet BUT they can ping each other.
2) I tried pinging 10.10.11.1 on both VMs with no success. The Windows server returns "Request timed out"
3) I tried 8.8.8.8 and google.com with no success.
 
Ok, so we then know that it is most likely something in the connection between the bridge to the DMZ

Please open a shell on proxmox host and post the results of the following commands:

Code:
ip a
ip r
cat /etc/network/interfaces
ping 10.10.11.1 -c 3
traceroute 10.10.11.1
Then after that set up a (free) IP on the vmbr1 in the 10.10.11.X/24 range, no gateway and run the above again, as well as a ping to 10.10.11.24 and/or 10.10.11.100
 
So I created a Simple SDN Zone, then created a VNet to access this zone, and then created a Subnet with the Subnet as 10.10.11.1/24 and Gateway as 10.10.11.1. I even gave it a DHCP range from 10.10.11.10 to 10.10.11.100, not sure if it really needed the range.

When it's connected to the SDN Simple Zone it can access the internet just fine but no one can see it. I can't ping it from my local PC, or another server on the same 10.10.11.xxx network, or even from Proxmox.
Hi,
With an SDN Simple Zone, you can only communicate with other VMs or the host on this host. A simple zone has no uplink.

I think the error is somewhere else, could you show the VMware setup? Then I can tell you exactly what you need to set.
 
Here is before the change:

root@pve:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e4 brd ff:ff:ff:ff:ff:ff
3: enp6s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e2 brd ff:ff:ff:ff:ff:ff
4: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e6 brd ff:ff:ff:ff:ff:ff
5: enp8s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether a0:36:9f:43:c7:28 brd ff:ff:ff:ff:ff:ff
6: enp8s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
7: wlp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether b0:35:9f:d9:93:97 brd ff:ff:ff:ff:ff:ff
8: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:28 brd ff:ff:ff:ff:ff:ff
inet 10.10.17.30/24 scope global vmbr0
valid_lft forever preferred_lft forever
inet6 fe80::a236:9fff:fe43:c728/64 scope link
valid_lft forever preferred_lft forever
9: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
inet6 fe80::a236:9fff:fe43:c72a/64 scope link
valid_lft forever preferred_lft forever
10: myDMZ2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.10.11.1/24 scope global myDMZ2
valid_lft forever preferred_lft forever
inet6 fe80::cc71:7dff:fe5f:6bc4/64 scope link
valid_lft forever preferred_lft forever
12: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
link/ether 12:7f:e9:cc:c0:94 brd ff:ff:ff:ff:ff:ff
13: ln_DMZvlan@pr_DMZvlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master DMZvlan state UP group default qlen 1000
link/ether ae:54:51:11:5a:dc brd ff:ff:ff:ff:ff:ff
14: pr_DMZvlan@ln_DMZvlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1v11 state UP group default qlen 1000
link/ether d2:68:ff:91:72:86 brd ff:ff:ff:ff:ff:ff
15: DMZvlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ae:54:51:11:5a:dc brd ff:ff:ff:ff:ff:ff
inet6 fe80::ac54:51ff:fe11:5adc/64 scope link
valid_lft forever preferred_lft forever
16: enp8s0f1.11@enp8s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1v11 state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
17: vmbr1v11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
inet6 fe80::a236:9fff:fe43:c72a/64 scope link
valid_lft forever preferred_lft forever
18: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr101i0 state UNKNOWN group default qlen 1000
link/ether 4a:da:b8:5e:61:0d brd ff:ff:ff:ff:ff:ff
22: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c6:04:4a:b2:77:45 brd ff:ff:ff:ff:ff:ff
23: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
link/ether 42:d7:23:fd:a1:5d brd ff:ff:ff:ff:ff:ff
24: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
link/ether c6:04:4a:b2:77:45 brd ff:ff:ff:ff:ff:ff

root@pve:~# ip r
default via 10.10.17.1 dev vmbr0 proto kernel onlink
10.10.11.0/24 dev myDMZ2 proto kernel scope link src 10.10.11.1 linkdown
10.10.17.0/24 dev vmbr0 proto kernel scope link src 10.10.17.30

root@pve:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp8s0f0
iface enp8s0f0 inet manual

iface enp4s0 inet manual

iface enp6s0 inet manual

iface enp3s0 inet manual

iface wlp5s0 inet manual

auto enp8s0f1
iface enp8s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 10.10.17.30/24
gateway 10.10.17.1
bridge-ports enp8s0f0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet manual
bridge-ports enp8s0f1
bridge-stp off
bridge-fd 0

source /etc/network/interfaces.d/*

root@pve:~# ping 10.10.11.1 -c 3
PING 10.10.11.1 (10.10.11.1) 56(84) bytes of data.
64 bytes from 10.10.11.1: icmp_seq=1 ttl=64 time=0.034 ms
64 bytes from 10.10.11.1: icmp_seq=2 ttl=64 time=0.018 ms
64 bytes from 10.10.11.1: icmp_seq=3 ttl=64 time=0.028 ms

--- 10.10.11.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2075ms
rtt min/avg/max/mdev = 0.018/0.026/0.034/0.006 ms

root@pve:~# traceroute 10.10.11.1
traceroute to 10.10.11.1 (10.10.11.1), 30 hops max, 60 byte packets
1 10.10.11.1 (10.10.11.1) 0.369 ms 0.335 ms 0.317 ms


Here is after I added the free IP:
root@pve:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e4 brd ff:ff:ff:ff:ff:ff
3: enp6s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e2 brd ff:ff:ff:ff:ff:ff
4: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e6 brd ff:ff:ff:ff:ff:ff
5: enp8s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether a0:36:9f:43:c7:28 brd ff:ff:ff:ff:ff:ff
6: enp8s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
7: wlp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether b0:35:9f:d9:93:97 brd ff:ff:ff:ff:ff:ff
8: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:28 brd ff:ff:ff:ff:ff:ff
inet 10.10.17.30/24 scope global vmbr0
valid_lft forever preferred_lft forever
inet6 fe80::a236:9fff:fe43:c728/64 scope link
valid_lft forever preferred_lft forever
9: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
inet 10.10.11.101/24 scope global vmbr1
valid_lft forever preferred_lft forever
inet6 fe80::a236:9fff:fe43:c72a/64 scope link
valid_lft forever preferred_lft forever
10: myDMZ2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 10.10.11.1/24 scope global myDMZ2
valid_lft forever preferred_lft forever
inet6 fe80::cc71:7dff:fe5f:6bc4/64 scope link
valid_lft forever preferred_lft forever
12: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
link/ether 12:7f:e9:cc:c0:94 brd ff:ff:ff:ff:ff:ff
13: ln_DMZvlan@pr_DMZvlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master DMZvlan state UP group default qlen 1000
link/ether ae:54:51:11:5a:dc brd ff:ff:ff:ff:ff:ff
14: pr_DMZvlan@ln_DMZvlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1v11 state UP group default qlen 1000
link/ether d2:68:ff:91:72:86 brd ff:ff:ff:ff:ff:ff
15: DMZvlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether ae:54:51:11:5a:dc brd ff:ff:ff:ff:ff:ff
inet6 fe80::ac54:51ff:fe11:5adc/64 scope link
valid_lft forever preferred_lft forever
16: enp8s0f1.11@enp8s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1v11 state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
17: vmbr1v11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
inet6 fe80::a236:9fff:fe43:c72a/64 scope link
valid_lft forever preferred_lft forever
18: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr101i0 state UNKNOWN group default qlen 1000
link/ether 4a:da:b8:5e:61:0d brd ff:ff:ff:ff:ff:ff
22: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether c6:04:4a:b2:77:45 brd ff:ff:ff:ff:ff:ff
23: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
link/ether 42:d7:23:fd:a1:5d brd ff:ff:ff:ff:ff:ff
24: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
link/ether c6:04:4a:b2:77:45 brd ff:ff:ff:ff:ff:ff

root@pve:~# ip r
default via 10.10.17.1 dev vmbr0 proto kernel onlink
10.10.11.0/24 dev myDMZ2 proto kernel scope link src 10.10.11.1 linkdown
10.10.11.0/24 dev vmbr1 proto kernel scope link src 10.10.11.101
10.10.17.0/24 dev vmbr0 proto kernel scope link src 10.10.17.30

root@pve:~# cat /etc/network/interfaces
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

auto enp8s0f0
iface enp8s0f0 inet manual

iface enp4s0 inet manual

iface enp6s0 inet manual

iface enp3s0 inet manual

iface wlp5s0 inet manual

auto enp8s0f1
iface enp8s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
address 10.10.17.30/24
gateway 10.10.17.1
bridge-ports enp8s0f0
bridge-stp off
bridge-fd 0

auto vmbr1
iface vmbr1 inet static
address 10.10.11.101/24
bridge-ports enp8s0f1
bridge-stp off
bridge-fd 0

source /etc/network/interfaces.d/*

root@pve:~# ping 10.10.11.1 -c 3
PING 10.10.11.1 (10.10.11.1) 56(84) bytes of data.
64 bytes from 10.10.11.1: icmp_seq=1 ttl=64 time=0.046 ms
64 bytes from 10.10.11.1: icmp_seq=2 ttl=64 time=0.019 ms
64 bytes from 10.10.11.1: icmp_seq=3 ttl=64 time=0.014 ms

--- 10.10.11.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2050ms
rtt min/avg/max/mdev = 0.014/0.026/0.046/0.014 ms

root@pve:~# traceroute 10.10.11.1
traceroute to 10.10.11.1 (10.10.11.1), 30 hops max, 60 byte packets
1 10.10.11.1 (10.10.11.1) 0.375 ms 0.332 ms 0.314 ms

root@pve:~# ping 10.10.11.24 -c 3
PING 10.10.11.24 (10.10.11.24) 56(84) bytes of data.
From 10.10.11.1 icmp_seq=1 Destination Host Unreachable
From 10.10.11.1 icmp_seq=2 Destination Host Unreachable
From 10.10.11.1 icmp_seq=3 Destination Host Unreachable

--- 10.10.11.24 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2082ms
pipe 3
 
Hi,
With an SDN Simple Zone, you can only communicate with other VMs or the host on this host. A simple zone has no uplink.

I think the error is somewhere else, could you show the VMware setup? Then I can tell you exactly what you need to set.
Is this what you need?
 

Attachments: DMZ.png, ManagementNetwork.png, VMKernel.png, VMNetwork.png

Thanks for the screenshots btw, because those DO show us something important:
DMZ is on VLAN 11, but nowhere are you setting that VLAN in the new configuration.

Also, you still have some old setup from your testing, including a (conflicting) 11.1 IP set up, you probably want to remove that too.

So: Remove that old SDN setup/config (the myDMZ2), leave the vmbr1 without IP again, then on the VMs, next to the vmbr1 connection, set the VLAN to 11 on both your test VMs.

EDIT: Also yes, there are ways to set it on either the bridge or through SDN, but let's try it with the basic/manual method first.
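
The leftover 10.10.11.1 address mentioned above can be found mechanically. The following is an added example, not part of the original post: it scans `ip -o -4 addr` and `ip -4 route` output for a VM gateway address that the host itself owns and for a subnet with connected routes on more than one device. The function names are assumptions of the example, and the sample text is constructed from the output posted earlier in the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): find host-side addressing that shadows
# a VM subnet. Sample text is constructed from the output posted above; on a
# live host pipe in `ip -o -4 addr` and `ip -4 route` instead.

SAMPLE_ADDR='8: vmbr0    inet 10.10.17.30/24 scope global vmbr0
9: vmbr1    inet 10.10.11.101/24 scope global vmbr1
10: myDMZ2    inet 10.10.11.1/24 scope global myDMZ2'

SAMPLE_ROUTE='default via 10.10.17.1 dev vmbr0 proto kernel onlink
10.10.11.0/24 dev myDMZ2 proto kernel scope link src 10.10.11.1 linkdown
10.10.11.0/24 dev vmbr1 proto kernel scope link src 10.10.11.101
10.10.17.0/24 dev vmbr0 proto kernel scope link src 10.10.17.30'

# Print the interface that holds address $1, or nothing if the host does not
# own it. A gateway address owned by the host is answered by the host itself
# (ttl=64, sub-millisecond), so a ping from the host proves nothing about
# the real gateway.
local_owner() {   # usage: local_owner <ip> < ip-addr-output
    awk -v ip="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == ip) print $2 }'
}

# Print "subnet dev1 dev2 ..." for every subnet that has a connected
# (scope link) route on more than one device.
duplicate_connected_routes() {   # reads ip-route output on stdin
    awk '
        /scope link/ {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (!($1 in devs)) order[++n] = $1
            devs[$1] = devs[$1] " " dev
            count[$1]++
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) print order[i] devs[order[i]]
        }
    '
}

# Print "subnet dev" for connected routes whose device has no carrier.
linkdown_routes() {   # reads ip-route output on stdin
    awk '/scope link/ && $NF == "linkdown" {
        for (i = 1; i < NF; i++) if ($i == "dev") print $1, $(i + 1)
    }'
}

# audit_vm_subnet <gateway-ip> <addr-text> <route-text>
# Prints one line per finding; returns 1 if anything was found, else 0.
audit_vm_subnet() {
    gw=$1; status=0
    owner=$(printf '%s\n' "$2" | local_owner "$gw")
    if [ -n "$owner" ]; then
        echo "gateway $gw is assigned locally on $owner"; status=1
    fi
    dups=$(printf '%s\n' "$3" | duplicate_connected_routes)
    if [ -n "$dups" ]; then
        echo "connected route on several devices: $dups"; status=1
    fi
    down=$(printf '%s\n' "$3" | linkdown_routes)
    if [ -n "$down" ]; then
        echo "connected route on a linkdown device: $down"; status=1
    fi
    return $status
}

# Demo on the constructed sample (10.10.11.1 is the DMZ gateway in this thread).
audit_vm_subnet 10.10.11.1 "$SAMPLE_ADDR" "$SAMPLE_ROUTE" || true
```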
 
Also, since it is on a VLAN, you might also have to reach out to your network-people anyway to verify that the port you have the enp8s0f1 connected to is either tagged with VLAN 11 (but untagged 0/nothing) OR that they can set the untagged network for that port to VLAN 11 instead (so you/proxmox doesn't have to)
 
I attached an image of my Network Device for the Windows Server, the Linux VM is the same. I still can't connect to the internet but I can ping each other.

I also removed all SDN configurations.

I am confused as to why I was able to connect to the internet when I had it set to the Simple SDN Zone but not able to ping it from my local PC. I guess it doesn't really matter because it doesn't work.

So, do I need to ask my IT guy to make sure that enp8s0f1 is connected to VLAN 11 on his side (hardware or software)? He did say that he connected both connections to VLAN 17. I honestly am not sure if this is what he did for the VMware hosts or if they are separate. I have asked for his help in the past and he's just as clueless as I am when it comes to Proxmox, not in a bad way because he's certainly helped me out with VMware. Plus, he's the only IT guy for the whole building so I have to ask nicely.

Anyway, I appreciate all the help and responses so far.
 

Attachment: Network Device.png

Could you also post a new “ip a” result to make sure everything is configured properly?

And as a bit of backstory, for a (VLAN-aware) switch there are basically 3 states for VLANs:
Untagged: Any device connected to that port, if it doesn't do anything special, will be on that VLAN (there can only be one per port).
Tagged: If the device on that port specifies that it wants that VLAN, it is allowed and will communicate with everything else on that VLAN (there can be multiple per port).
Restricted/Excluded: Even if you provide that VLAN tag, it will not be let through.

So since he’s set it to 17 (untagged) for your normal network, we’ll have to tag it with 11 and then make sure that that port on the switch is also tagged with 11 (and he didn’t accidentally swap them around).
Speaking of swapping btw, could you try swapping vmbr1 with vmbr0 in the VM config, but keep the VLAN 11 tag and see if that works?
 
Here is a new ip a result:

(also, I swapped to vmbr0 and still nothing. I'll check with my IT guy tomorrow)

root@pve:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e4 brd ff:ff:ff:ff:ff:ff
3: enp6s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e2 brd ff:ff:ff:ff:ff:ff
4: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 70:85:c2:5a:13:e6 brd ff:ff:ff:ff:ff:ff
5: enp8s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
link/ether a0:36:9f:43:c7:28 brd ff:ff:ff:ff:ff:ff
6: enp8s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
7: wlp5s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether b0:35:9f:d9:93:97 brd ff:ff:ff:ff:ff:ff
8: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:28 brd ff:ff:ff:ff:ff:ff
inet 10.10.17.30/24 scope global vmbr0
valid_lft forever preferred_lft forever
inet6 fe80::a236:9fff:fe43:c728/64 scope link
valid_lft forever preferred_lft forever
9: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
inet6 fe80::a236:9fff:fe43:c72a/64 scope link
valid_lft forever preferred_lft forever
12: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1v11 state UNKNOWN group default qlen 1000
link/ether 12:7f:e9:cc:c0:94 brd ff:ff:ff:ff:ff:ff
17: vmbr1v11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether a0:36:9f:43:c7:2a brd ff:ff:ff:ff:ff:ff
18: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr101i0 state UNKNOWN group default qlen 1000
link/ether 4a:da:b8:5e:61:0d brd ff:ff:ff:ff:ff:ff
25: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f2:5e:8d:16:a5:9b brd ff:ff:ff:ff:ff:ff
26: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1v11 state UP group default qlen 1000
link/ether 36:d2:49:1f:a4:9d brd ff:ff:ff:ff:ff:ff
27: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
link/ether f2:5e:8d:16:a5:9b brd ff:ff:ff:ff:ff:ff
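
Grouping a listing like the one above by `master` shows which interfaces share a bridge. In the first listing posted in this thread, vmbr1v11 has the tagged sub-interface enp8s0f1.11 as a member; the following added example (not part of the thread) reports per-VLAN bridges that have no such member. The function names are assumptions of the example, and the sample text is constructed from the thread's listings, trimmed to the relevant header lines.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): group interfaces by master bridge and
# report per-VLAN bridges (vmbrXvTAG) that have no tagged uplink (<nic>.TAG).
# Samples are constructed from the listings posted in this thread; on a live
# host pipe in `ip -o link` instead.

# From the first listing: vmbr1v11 includes enp8s0f1.11.
SAMPLE_FIRST='6: enp8s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP
14: pr_DMZvlan@ln_DMZvlan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1v11 state UP
16: enp8s0f1.11@enp8s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1v11 state UP
17: vmbr1v11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP'

# From the last listing.
SAMPLE_LAST='6: enp8s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr1 state UP
9: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
12: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1v11 state UNKNOWN
17: vmbr1v11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
18: tap101i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr101i0 state UNKNOWN
26: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1v11 state UP'

# Print the space-separated members of bridge $1 in listing order.
bridge_members() {   # usage: bridge_members <bridge> < ip-link-output
    awk -v br="$1" '
        /^[0-9]+: / {
            name = $2; sub(/:$/, "", name); sub(/@.*$/, "", name)
            for (i = 3; i < NF; i++)
                if ($i == "master" && $(i + 1) == br) { out = out sep name; sep = " " }
        }
        END { if (out != "") print out }
    '
}

# Print "bridge: members" for each vmbrXvTAG bridge that has no member whose
# name ends in ".TAG". Such a bridge connects its VMs to each other only.
vlan_bridges_without_uplink() {   # reads ip-link output on stdin
    awk '
        /^[0-9]+: / {
            name = $2; sub(/:$/, "", name); sub(/@.*$/, "", name)
            for (i = 3; i < NF; i++)
                if ($i == "master") members[$(i + 1)] = members[$(i + 1)] " " name
            if (name ~ /^vmbr[0-9]+v[0-9]+$/) bridges[++n] = name
        }
        END {
            for (b = 1; b <= n; b++) {
                br = bridges[b]; tag = br; sub(/^.*v/, "", tag)
                k = split(members[br], m, " "); found = 0
                for (j = 1; j <= k; j++)
                    if (substr(m[j], length(m[j]) - length(tag)) == "." tag) found = 1
                if (!found) print br ":" members[br]
            }
        }
    '
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_FIRST" | vlan_bridges_without_uplink   # prints nothing
printf '%s\n' "$SAMPLE_LAST"  | vlan_bridges_without_uplink   # vmbr1v11: tap100i1 fwpr101p0
```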
 
