
Proxmox DNS works but can't ping

pfsense
vm
#1

Hey, trying to virtualize some workloads to various VMs on a Proxmox box but I have an issue where Proxmox can’t ping the internet :frowning:.

The setup is Proxmox running on 192.168.4.8 with a pfsense VM managing the network connections. The Pfsense VM has a 4 port intel nic passed to it and that is all working with every other device on my network so internet works fine for everything else.

Proxmox is connected to the Pfsense VM via a loopback cable (yes a physical cable for the time being) going from opt2 to the spare Ethernet on the back of the box. It has a rule set which should block all traffic to opt1 and another which allows all traffic (goal being allow access to everything except Wifi).

dns works: (from proxmox shell)

nslookup www.google.com
Server: 192.168.4.1
Address: 192.168.4.1#53

Non-authoritative answer:
Name: www.google.com
Address: 216.58.213.4
Name: www.google.com
Address: 2a00:1450:4009:818::2004

however when I run ping in the same shell I get this:

ping 216.58.213.4
PING 216.58.213.4 (216.58.213.4) 56(84) bytes of data.
^C
--- 216.58.213.4 ping statistics ---
285 packets transmitted, 0 received, 100% packet loss, time 1108ms

As far as I can tell everything is set up correctly but I’m not really an expert as far as proxmox goes so maybe I have something set up wrong there? Or the rules are bad?

0 Likes

#2

Typical default setups for Pfsense assign all additional ports to their own vlan. With that in mind, if you set up your VM to have the entire card passed through to your router VM then how is the “patch cable” (should not be a loopback cable if you are connecting devices and not testing) connected to the host?

One alternative way to do this would be to assign virtual interfaces to the VM for everything running on the machine, then use one virtual interface and give it an IP address only assigned to the proxmox host. This would give you the ability to use the Pfsense VM as your router and still have the proxmox host connected through that router.

0 Likes

#3

the computer has a 4 port Ethernet card attached and a spare Ethernet from the motherboard, so pfsense has 4 ports with one of them attached from the card to the motherboard. I did it this way so that I can move the proxmox install to another machine in future without having to change the configuration.

I don’t really want to go the virtual port route because I prefer pfsense to have “full” control over the hardware… :slight_smile:

0 Likes

#4

Pfsense would still have full control over the hardware with virtual nic interfaces. It would essentially add another NIC interface to the Pfsense VM. Either way you have some issues with your routing setup.

Do you have OPT2 assigned to the same V-lan as the rest of your network or is it separated out? Pfsense expects each of the nic interfaces to be manually assigned to a portion of the network. Has this been done?

0 Likes

#5

I’m not using V-lans atm (don’t need it quite yet) but the opt 2 is a separate IP range from the rest of the network.

0 Likes

#6

Separate IP range? As in the main network is 192.168.XX.XX and OPT is 10.0.0.XX? Have you tried to add OPT to the main network segment and make sure that it works?

0 Likes

#7

I would but can’t because I don’t have a switch and don’t want to buy one right now :confused:

LAN is 192.168.2.X
OPT 2 is 192.168.4.X

0 Likes

#8

Why would you need a switch to put everything on the “lan interface?” Switch the cable assignment in Pfsense to make the “OPT2” port assigned, also part of the “lan port.”

Also the reason DNS works is because the pfsense interface on 192.168.4.1 is responding with a DNS answer. Try this command: nslookup google.com 8.8.8.8 that will make nslookup use google DNS servers for the lookup and test your outbound connection. Another test would be to ping a FQDN as well.

What do your other rule sets look like for the other interfaces including the WAN?

0 Likes
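
The checks suggested in post #8, collected into a script for the Proxmox shell, separating "pfSense answers locally" from "pfSense forwards traffic". This is an added example, not part of any post in the thread: the function names, the verdict labels and the default-route check are assumptions, and the addresses are the ones quoted above.

```shell
#!/bin/sh
# Added example; addresses come from the thread, function names are hypothetical.
GATEWAY=192.168.4.1       # pfSense OPT2 address that answered nslookup
EXTERNAL_IP=216.58.213.4  # address pinged in post #1
PUBLIC_DNS=8.8.8.8        # resolver suggested in post #8

# Print the next hop from `ip -4 route show default` output read on stdin.
default_gw_of() { awk '$1 == "default" && $2 == "via" { print $3; exit }'; }

# Run a command quietly and report ok/fail.
probe() { if "$@" >/dev/null 2>&1; then echo ok; else echo fail; fi; }

# diagnose GW_PING EXT_PING LOCAL_DNS PUBLIC_DNS ROUTE_GW -> one-word verdict
diagnose() {
    gw=$1; ext=$2; ldns=$3; pdns=$4; route=$5
    if [ "$gw" = fail ] && [ "$ldns" = fail ]; then
        echo no-path-to-pfsense      # cable, host address or bridge
    elif [ "$route" != "$GATEWAY" ]; then
        echo wrong-default-route     # off-subnet traffic is not handed to pfSense
    elif [ "$ext" = ok ] && [ "$pdns" = ok ]; then
        echo forwarding-ok
    elif [ "$pdns" = ok ]; then
        echo icmp-blocked-only       # DNS is forwarded, echo requests are not
    elif [ "$ext" = ok ]; then
        echo dns-egress-blocked
    else
        echo not-forwarded           # only pfSense itself answers: check OPT2 and WAN rules
    fi
}

main() {
    route=$(ip -4 route show default | default_gw_of)
    gw=$(probe ping -c 2 -W 2 "$GATEWAY")
    ext=$(probe ping -c 2 -W 2 "$EXTERNAL_IP")
    ldns=$(probe nslookup -timeout=2 www.google.com "$GATEWAY")
    pdns=$(probe nslookup -timeout=2 www.google.com "$PUBLIC_DNS")
    echo "route=$route gw=$gw ext=$ext local-dns=$ldns public-dns=$pdns"
    diagnose "$gw" "$ext" "$ldns" "$pdns" "$route"
}

# Probes touch the network, so they run only when asked: RUN_PROBES=1 sh triage.sh
if [ "${RUN_PROBES:-0}" = 1 ]; then main; fi
```

A `not-forwarded` verdict matches the symptoms in post #1 if the lookup against 8.8.8.8 also fails; `icmp-blocked-only` means the OPT2 rules pass DNS but not echo requests.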