Proxmox vmbr0 bridge is not "switching". Why? - proxmox

I am trying to figure out why the "default" Proxmox network configuration is not behaving as I expect.
I have:
a Proxmox server (10.0.40.10)
the network bridge (vmbr0) created by Proxmox by default
a VM (10.0.40.20) connected to vmbr0 (let's call it VM1)
a VM (10.0.40.25) connected to vmbr0 (let's call it VM2)
a gateway (10.0.40.254) configured on vmbr0
When I performed an HTTP transfer (GET) on VM2 from VM1, the speed I observed indicated that traffic was exiting the Proxmox host, going to the gateway, and returning back to the Proxmox host.
Both VM1 and VM2 are connected to vmbr0, so my expectation was that vmbr0 would "switch" between the two VMs, based on the MAC/ARP, and that the traffic would remain entirely local (and be one or two orders of magnitude faster).
When I run a ping from VM2 to VM1, I observe this:
[root@vm2 ~]# ping -c 5 10.0.40.20
PING 10.0.40.20 (10.0.40.20) 56(84) bytes of data.
64 bytes from 10.0.40.20: icmp_seq=1 ttl=64 time=0.485 ms
From 10.0.40.254 icmp_seq=1 Redirect Host(New nexthop: 10.0.40.20)
64 bytes from 10.0.40.20: icmp_seq=2 ttl=64 time=0.609 ms
From 10.0.40.254 icmp_seq=2 Redirect Host(New nexthop: 10.0.40.20)
64 bytes from 10.0.40.20: icmp_seq=3 ttl=64 time=0.598 ms
--- 10.0.40.20 ping statistics ---
3 packets transmitted, 3 received, +2 errors, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.485/0.564/0.609/0.056 ms
Running a traceroute shows:
[root@vm2 ~]# traceroute -I 10.0.40.20
traceroute to 10.0.40.20 (10.0.40.20), 30 hops max, 60 byte packets
1 gateway (10.0.40.254) 0.328 ms 0.308 ms 0.393 ms
2 10.0.40.20 (10.0.40.20) 0.472 ms 0.481 ms 0.533 ms
The vmbr0 configuration looks like this:
Network definition for VM1:
Network definition for VM2:
This seems like such a fundamental use case that I must be missing something.
Does anyone know if my expectations are correct, or is this correct behavior for vmbr0? Does something look misconfigured? Do I need something like Proxy ARP or an on-box virtual router to solve such a simple use-case?

Solved: The IP addresses of some of the virtual machines were configured as /32 rather than /24, e.g. 10.0.40.25/32 instead of 10.0.40.25/24, so they did not consider themselves to be in the same subnet as their peers, and traffic was sent out on the default route.
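The subnet mistake behind the fix, as an added example (not code from the original post): it parses constructed `ip -o -4 addr show` lines for the two guests, reproduces the guest's on-link versus default-gateway decision, and picks the ICMP redirects out of the ping output above, which are the gateway's way of saying the peer was directly reachable all along. The interface names, sample lines and gateway address are assumptions.

```python
import ipaddress
import re

# Constructed `ip -o -4 addr show` lines for the two guests (not captures from
# the post); VM2 carries the /32 mistake that the accepted fix describes.
VM1_ADDR = "2: eth0    inet 10.0.40.20/24 brd 10.0.40.255 scope global eth0"
VM2_ADDR = "2: eth0    inet 10.0.40.25/32 scope global eth0"
GATEWAY = "10.0.40.254"

# Constructed excerpt of the symptom: the gateway answers with ICMP redirects.
PING_OUTPUT = """64 bytes from 10.0.40.20: icmp_seq=1 ttl=64 time=0.485 ms
From 10.0.40.254 icmp_seq=1 Redirect Host(New nexthop: 10.0.40.20)"""

ADDR_RE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\d+\.\d+\.\d+\.\d+/\d+)")
REDIRECT_RE = re.compile(r"^From (\S+) icmp_seq=\d+ Redirect Host\(New nexthop: (\S+)\)")

def parse_addrs(output):
    """Return (ifname, 'addr/prefix') pairs from `ip -o -4 addr show` output."""
    return [(m.group(1), m.group(2)) for m in map(ADDR_RE.match, output.splitlines()) if m]

def next_hop(local_cidr, dest, gateway):
    """Mimic the guest's routing decision: on-link if dest lies inside the
    interface's subnet, otherwise out via the default gateway (which then
    forwards the packet straight back over the same bridge)."""
    local = ipaddress.ip_interface(local_cidr)
    if ipaddress.ip_address(dest) in local.network:
        return "on-link"
    return f"via {gateway}"

def redirects(ping_output):
    """Return (sender, new_nexthop) for every ICMP Redirect in ping output.
    A redirect from the gateway naming the peer itself means the peer was
    reachable on the local link and the guest's routing table is wrong."""
    return [m.groups() for m in map(REDIRECT_RE.match, ping_output.splitlines()) if m]

def diagnose(addr_output, peer, gateway):
    """One line per interface saying how `peer` is reached, flagging /32 prefixes."""
    report = []
    for ifname, cidr in parse_addrs(addr_output):
        hop = next_hop(cidr, peer, gateway)
        why = ""
        if cidr.endswith("/32") and hop != "on-link":
            why = " (prefix /32: guest believes nothing else shares its link)"
        report.append(f"{ifname} {cidr}: {peer} reached {hop}{why}")
    return report

if __name__ == "__main__":
    for line in diagnose(VM2_ADDR, "10.0.40.20", GATEWAY) + diagnose(VM1_ADDR, "10.0.40.25", GATEWAY):
        print(line)
    print("redirects:", redirects(PING_OUTPUT))
```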

Related

How can I get my IP address in a VPN-connected Fritzbox?

My office Fritzbox is connected via VPN and DynDNS with my home Fritzbox, and vice versa
netmask office 10.131.131.0
netmask home 10.131.10.0
If I use the terminal: traceroute to office from home, I get:
traceroute to 10.131.131.13 (10.131.131.13), 64 hops max, 52 byte packets
1 10.131.10.254 (10.131.10.254) 20.553 ms 0.973 ms 0.919 ms
2 10.131.131.13 (10.131.131.13) 10.949 ms 10.393 ms 10.916 ms
3 10.131.131.13 (10.131.131.13) 11.520 ms 10.980 ms 11.746 ms
but I want to know the IP address within the office net, e.g. 10.131.131.?
How can I get it (in Python)?
I am using macOS and Ubuntu.
AVM support answers:
If a LAN-LAN connection is set up as described in this guide (set up VPN between two FRITZ!Boxes for individual LAN connections), your end device does not receive an IP address from the remote network. When there is a request to the remote network, the VPN connection is established automatically and the request is sent to the remote FRITZ!Box and forwarded to a device there, for example.

virtualbox vm can not access from outside

I installed a vbox in Ubuntu 18.04 and used a bridged network by adding these parameters:
--bridgeadapter2 eno1 --nicpromisc2 allow-all
Everything goes fine: the VM can ping outside, and the host can ping the VM, but outside cannot ping the VM:
(outside in the same subnet can ping vm, for example: 10.124.214.x can ping vm)
# 10.124.214.116 is vm, 10.124.214.4 is host, 10.124.12.103 is outside IP
# From host to vm
traceroute 10.124.214.116
traceroute to 10.124.214.116 (10.124.214.116), 30 hops max, 60 byte packets
1 10.124.214.116 (10.124.214.116) 0.232 ms 0.197 ms 0.191 ms
# From vm to outside
ping 10.124.12.103
PING 10.124.12.103 (10.124.12.103) 56(84) bytes of data.
64 bytes from 10.124.12.103: icmp_seq=1 ttl=63 time=1.38 ms
The tricky thing is that the vbox interface is not like a normal Linux tun/tap interface: I can see the interface in the VM, but there is nothing I can operate on from the host, and there is no bridge on the host.
Is there any API I can use to troubleshoot vbox?
Cheers code farmer
You are right about the bridge. The thing here is that your VM is currently behind the NAT created by VirtualBox (see the different subnets you mentioned).
What you can do here is to create new bridge on host machine (good instructions HERE)
Using this setup you will have to change your networking settings slightly:
                                                                       VM Host
                                     +------------------------------------------------------------------+
                                     |                                        -> VM A (10.124.214.5/24) |
Outside network (10.124.214.0/24) -> | eno1 (no IP) -> br0 (10.124.214.4/24)  -> VM B (10.124.214.6/24) |
                                     |                                        -> VM C (10.124.214.7/24) |
                                     +------------------------------------------------------------------+
Then you can assign your VM to br0. Depending on your outside network settings, you might need to set a static IP on your VM.
Finally, I got the root cause:
There are two interfaces in my VM:
The first one is NAT, the second one is bridged. By default, vbox sets the NAT interface as the default route, so when I send out packets, it uses the NAT interface. But HOST and VM are in the same subnet, so when connecting to HOST, it uses the bridge interface. When I need to access this bridged interface from outside, I need to add another default route entry with the ip route command:
sudo ip route add default via 10.124.214.116

GCloud bug: I have configured my DNS dinhonesto.com.br and www.dinhonesto.com.br of type A to an external ip but only dinhonesto.com.br is working

I have configured my DNS dinhonesto.com.br and www.dinhonesto.com.br of type A to an external ip but only dinhonesto.com.br is working.
NOTE: it has not been working for 15 days
DNS Name                  Type  TTL (secs)  Data
www.dinhonesto.com.br.    A     300         34.98.110.250
dinhonesto.com.br.        A     300         34.98.110.250
When I try to ping both domains (dinhonesto.com.br and www.dinhonesto.com.br)
$ ping -c 3 dinhonesto.com.br
PING dinhonesto.com.br (34.98.110.250) 56(84) bytes of data.
64 bytes from 250.110.98.34.bc.googleusercontent.com (34.98.110.250): icmp_seq=1 ttl=115 time=11.6 ms
64 bytes from 250.110.98.34.bc.googleusercontent.com (34.98.110.250): icmp_seq=2 ttl=115 time=11.6 ms
64 bytes from 250.110.98.34.bc.googleusercontent.com (34.98.110.250): icmp_seq=3 ttl=115 time=11.5 ms
--- dinhonesto.com.br ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 4884ms
rtt min/avg/max/mdev = 11.557/11.636/11.686/0.136 ms
$ ping -c 3 www.dinhonesto.com.br
ping: www.dinhonesto.com.br: Name or service not known
When I ping www.dinhonesto.com.br I get Name or service not known
I have found the solution just today. I had created an A record pointing to the external IP of my Google Cloud instance because I was getting an error when creating a CNAME: "Managed zone may have either one CNAME resource record set or resource record sets of other types, but not both."
I have just changed my DS record from www.dinhonesto.com.br to ds.dinhonesto.com.br and it is now working fine! I even managed to use a CNAME to point www.dinhonesto.com.br to dinhonesto.com.br and it is working fine too!
I hope this helps somebody; Google Cloud should give an error message when we try to create an A record that conflicts with a DS record.
I have also tested both www.dinhonesto.com.br and dinhonesto.com.br with dnssec-analyzer and everything is fine.
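The CNAME-coexistence rule behind the quoted error message and the DS-versus-A conflict, as an added validator (not the poster's code, and not Google Cloud DNS's own checks, which are not shown on the page): it applies the standard DNS rules to constructed record sets modelled on the zone before and after the fix. The nameserver name and the DS digest are placeholders.

```python
from collections import defaultdict

# Constructed record sets modelled on the post's zone, not an export of the real
# zone. Each entry: (owner name, type, rdata). Nameserver and digest are placeholders.
ZONE_BEFORE = [
    ("dinhonesto.com.br.",     "NS", "ns1.example.invalid."),
    ("dinhonesto.com.br.",     "A",  "34.98.110.250"),
    ("www.dinhonesto.com.br.", "DS", "12345 13 2 <digest placeholder>"),
    ("www.dinhonesto.com.br.", "A",  "34.98.110.250"),
]
ZONE_AFTER = [
    ("dinhonesto.com.br.",     "NS",    "ns1.example.invalid."),
    ("dinhonesto.com.br.",     "A",     "34.98.110.250"),
    ("www.dinhonesto.com.br.", "CNAME", "dinhonesto.com.br."),
]

# Types that may sit at a delegation point (parent side of a zone cut) next to
# DS: the delegation itself and DNSSEC metadata. Anything else is below the cut.
DELEGATION_TYPES = {"NS", "DS", "RRSIG", "NSEC", "NSEC3"}
# Types RFC 4035 allows alongside a CNAME at the same owner name.
CNAME_COMPANIONS = {"CNAME", "RRSIG", "NSEC", "NSEC3"}

def validate_zone(records):
    """Return human-readable problems; an empty list means the zone is consistent."""
    by_owner = defaultdict(set)
    for owner, rtype, _ in records:
        by_owner[owner.lower()].add(rtype.upper())
    problems = []
    for owner, types in sorted(by_owner.items()):
        # RFC 1034 3.6.2 / RFC 2181 10.1: a CNAME must be the only data at its name.
        extra = types - CNAME_COMPANIONS
        if "CNAME" in types and extra:
            problems.append(f"{owner}: CNAME cannot coexist with {sorted(extra)}")
        # A DS RRset marks a zone cut, so it belongs with an NS RRset at the same owner.
        if "DS" in types and "NS" not in types:
            problems.append(f"{owner}: DS present without an NS delegation")
        # Ordinary data at a zone cut is below the cut and not served by this zone;
        # this is the A-versus-DS clash the poster hit at www.
        occluded = types - DELEGATION_TYPES
        if "DS" in types and occluded:
            problems.append(f"{owner}: {sorted(occluded)} occluded by the DS delegation")
    return problems

if __name__ == "__main__":
    print("before:", validate_zone(ZONE_BEFORE))
    print("after: ", validate_zone(ZONE_AFTER))
```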

Ping from VM - Check MK

I would like to install check MK Monitoring Server on an Ubuntu VM in Azure.
Querying external services works, however the ping does not.
(Ubuntu 14.04. LTS)
Which port or setting do I need to set in Azure?
PING stackoverflow.com (151.101.193.69) 56(84) bytes of data.
^C
--- stackoverflow.com ping statistics ---
99 packets transmitted, 0 received, 100% packet loss, time 98057ms
According to the present Network Security Group design, you would need to open all the ports to the VM to allow for pings. There's no way to allow for ICMP only currently.

winbindd fails to resolve local network names when firestarter firewall is up on ubuntu

I'm using Samba and winbindd on my Linux boxes. Without a firewall up on the Linux box I have no trouble resolving LAN machine names:
user@laptop-linux:~$ ping desktop
PING desktop (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=128 time=0.878 ms
when I start the firewall I get:
user@laptop-linux:~$ ping desktop
ping: unknown host desktop
I have opened up the Samba ports (137-139, 445) as well as the mDNS port 5353 with no effect. WINS has been enabled in nsswitch.conf and I've also tried removing the mdns4 entries for host lookup. I can see the DNS query going out over regular DNS with my ISP domain suffix attached, which is not what I want. I want to use WINS / NetBIOS to do the work. Do I have to allow some form of broadcast port? Can this be done while maintaining security? I want to have a firewall running on my laptop because I access open hotspots on a regular basis. Thanks
Sorry for necroing this post, but I had considerable trouble figuring this out, and hence am putting it up for anyone else who might run into it.
Basically you have to enable incoming packets (NB response packets) coming from port 137/udp of the responding system. In ubuntu 11.04, using ufw, this can be easily done as:
ufw allow proto udp from 192.168.1.0/24 port 137 to any
This assumes that your LAN is using the 192.168.1.0/24 ip range.
