New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
VM using different public IP with bridge setting in Proxmox isn't pinging to ourside.
yongsiklee
Member, Patron Provider
in Help
Host's interface:
iface eth0 inet manual
auto vmbr0
iface vmbr0 inet static
address 12.34.56.222/22
gateway 12.34.56.1
bridge-ports eth0
bridge-stp off
bridge-fd 0
VM interfaces:
device=eth0
onboot=yes
bootpronto=none
ipaddr=12.34.77.124 *please, note this is a different network from the host's
netmask=255.255.255.0
gateway=12.34.54.1 *Please, note this gateway is different from the host's gateway
dns1=8.8.8.8
dns2=8.8.4.4
*VM can ping to the host's ip only.
Any suggestion, pls?
Comments
Sorry I mistyped VM netmask here. It should be 255.255.252.0.
Why your bridge subnet and vm subnet different?
It must be same or you have to modify your network/interfaces config. Something like Routed Configuration.
I need to rewrite my post because I was not careful posting IPv4s, etc.
Below contains my real ipaddr and gateway:
Host's interface:
iface eth0 inet manual
auto vmbr0
iface vmbr0 inet static
address XX.XX.65.139/22
gateway XX.XX.65.1
bridge-ports eth0
bridge-stp off
bridge-fd 0
VM interfaces:
device=eth0
onboot=yes
bootpronto=none
ipaddr=XX.XX.66.37 *please, note this is a different network from the host's
netmask=255.255.252.0
gateway=XX.XX.65.1 *Please, note this gateway is different from the host's gateway
dns1=8.8.8.8
dns2=8.8.4.4
Is that guest vm connected with vmbr0 bridge?
With provided data I can say config is fine and perfect.
Can't fine anything wrong..
Maybe you can provide more information? Like with DC?
Because sometimes we have to config differently like for OVH or Hetzner
Yes, it is connected to vmbr0.
This is not OVH or Hetzner, which I am fine doing network configuration with.
This is a new provider, Little Creek Hosting.
They said they do not restrict multiple IPs going out thru a single interface.
I am using LXC on Proxmox with an extra IP that I leased from them.
are there any firewall (iptables) rules?
you might need to turn on ip forwarding.
I put my guests on the bridge (vmbrX) instead of the eth0, but that's just me.
somehow I feel it's... cleaner? maybe?
gateway XX.XX.65.1 was wrong. It should be xx.xx.64.1 and they later told me it's the gateway for the 1st IP as well. So it's not two different network. It's one network. It make sense given /22.
I edited the original interfaces above right here. So 2 IPs are in the same network.
Their speed and fast response are good but it is strange I was only given an IP address when VPS was created, no gateway, subnet, etc. Maybe they are not used to doing this kind of VPS business - It looks like they have been doing managed VPS and hosting company.
I can't even ping the gateway from within VM.
I tried routed configuration but didn't work either.
But both the IPs work on its own. The 2nd IP works on the host machine just like the 1st one.
Never used Little Creek Hosting and their knowledge base doesn't seem helpful for your issue but I wonder if both IPs are linked to your VPS' (virtual) interface (virtual) MAC address? Your LXC container has a different virtual MAC and so it doesn't work.
Other idea is to check on the host the value of /proc/sys/net/ipv4/ip_forward
It looks like you are right. SSH into the VM ip ends up in the host machine. lol
>
I just enabled it before checking. Dang...
Routed configuration should still work, I've never done it but it looks simple enough in Proxmox' wiki https://pve.proxmox.com/wiki/Network_Configuration
Routed configuration didn't work either. Even with this configuration, SSH into vm (xx.xx.65.139) ends up in the host machine (xx.xx.66.37) lol like they are inseparable.
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address xx.xx.66.37/22
gateway xx.xx.64.1
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
auto vmbr0
iface vmbr0 inet static
address xx.xx.65.139/22
bridge-ports none
bridge-stp off
bridge-fd 0
if above is your host configuration, then you gave xx.xx.65.139/22 as the host address on the bridge.
Not a network expert at all, I hope someone else will come and help you.
I wonder if you can cheat by giving your host a different address on the bridge (since your provider won't forward traffic for that address to you):
address xx.xx.65.138/31
That way you can give the real address xx.xx.65.139/32 to the VM with xx.xx.65.138 as the gateway.
Again, I don't know what I am doing, hopefully someone can help you.
seems you're doing it wrong for routed setup.
eth0 should be the main hostnode IP and it's gateway. vmbr0 then holds the additional IP. your last post looks like you already mixed that up.
also note that in a routed setup the gateway for your guest is not going to be the external one, but the hostnode IP.
as an alternative you could setup a nat bridge instead and give your guest VM a private IP. on the hostnode then simply forward everything that comes in on the addon IP towards that private IP (e.g. via iptables)
eth0 is my host IP and gateway.
vmbr0 is my additional ip, my vm ip.
>
>
Yes, hence, bridge-ports none
I will try this one.
Thanks.
I don't think I did.
>
That is interesting.
>
I think you totally did lol.
Another option I think would be to not give the host an address on the bridge (just xx.xx.66.37/22 on the eth0 interface) and then set up a route to the bridge for xx.xx.65.139). Then use xx.xx.66.37 as the gateway on the VM.
In a routed configuration your host must act like a router, hence the route. My "fake" address with the /31 tries to achieve this too, the route is implied in the /31.
I would be even easier to ask your provider for a virtual MAC lol.
I tried and failed. :-(
I tried and failed. :-(
Still not working.
I will try that one at the last resort.
Do you want to paste what you did, maybe someone will have an idea?
/etc/network/interfaces (guest lxc) :
auto lo
iface lo inet loopback
dns-nameservers 8.8.8.8
auto eth0
iface eth0 inet static
address xx.xx.65.139/32
gateway xx.xx.66.37
pointopoint xx.xx.66.37
/etc/network/interfaces (Proxmox hostnode):
auto lo
iface lo inet loopback
iface eth0 inet manual
auto vmbr0
iface vmbr0 inet static
address xx.xx.66.37/22
gateway xx.xx.64.1
bridge-ports eth0
bridge-stp off
bridge-fd 0
post-up ip route add xx.xx.65.139/32 dev vmbr0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
Pinging from the guest:
root@creek-1:~# ping yahoo.com
^Xping: yahoo.com: Temporary failure in name resolution
root@creek-1:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From XX.XX.66.37: icmp_seq=1 Redirect Host(New nexthop: XX.XX.64.1)
From XX.XX.66.37: icmp_seq=1 Redirect Host(New nexthop: XX.XX.64.1)
From XX.XX.66.37: icmp_seq=1 Redirect Host(New nexthop: XX.XX.64.1)
From XX.XX.66.37: icmp_seq=1 Redirect Host(New nexthop: XX.XX.64.1)
^C
--- 8.8.8.8 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10223ms
just to make sure we understand correctly, both these addresses (host and guest) are valid, routable addresses assigned by your provider, yes?
Of course. Both addresses work fine. I tested on the host machine with each of these two and they work.
And this WAS the default network interfaces right after a fresh installation of Debian 11 even before installing Proxmox in it:
The loopback network interface
auto lo
iface lo inet loopback
The primary network interface
auto eth0
iface eth0 inet static
address XX.XX.66.37
netmask 255.255.252.0
gateway XX.XX.64.1
auto eth0:0
iface eth0:0 inet static
address XX.XX.65.139
netmask 255.255.252.0
gateway XX.XX.64.1
I could have access to the node with either of these two ip addresses.
You've connected the bridge with eth0 so I think you're back to the virtual MAC issue.
what do your qemu commandline args for net look like?
ps auxww|grep qemu
specifically, the '-device virtio-net-pci,mac=XX:XX:XX:XX:XX:XX,netdev=net0' and the ' -netdev type=tap,id=net0,ifname=tap...' bits
root@server4:~# ps auxww|grep qemu
root 602 0.0 0.0 80188 3508 ? Ssl Mar05 0:00 /usr/sbin/qemu-ga
root 185525 0.0 0.0 6244 712 pts/2 S+ 15:12 0:00 grep qemu
root@server4:~#
I'm not sure why you are using /32 on guest node
All your IPs are from a single /22 right?
Then I don't think you need to change it and all IPs must work with /22 as they belongs to the same subnet on same network
This config should work out of the box unless you are missing some crucial details
That config was the first config I did but that did not work. Hence...