[PVE-User] Can´t ping to the outside - OVH Proxmox 5.3

Stephan Leemburg sleemburg at it-functions.nl
Sun Dec 16 20:36:54 CET 2018


Hi Miguel,

Your new PVE host 111.222.333.74 needs to have 111.222.333.254 as it's 
default gateway.

The VM's need 111.222.333.74 as their default gateway. This is what 
OVH/SoYouStart requires.

Also if you assign public failover ip addresses to your VM's, then you 
need to generate a mac address for them in the management console of 
soyoustart and assign that mac address to the public interface of the VM.

So consider if you have 16 failover ip addresses in the range 1.2.3.1/28

Then the /etc/network/interfaces of one such vm should be:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
     address 1.2.3.1
     netmask 255.255.255.255
     pre-up /etc/network/firewall $IFACE up
     post-up ip route add 111.222.333.74 dev $IFACE
     post-up ip route add 1.2.3.1/28 dev $IFACE
     post-up ip route add default via 91.121.183.137 dev $IFACE
     post-down ip route del default via 91.121.183.137 dev $IFACE
     post-down ip route del 1.2.3.1/28 dev $IFACE
     post-down ip route del 111.222.333.74 dev $IFACE
     post-down /etc/network/firewall $IFACE down

Best regards,

Stephan


On 16-12-18 20:23, Miguel González wrote:
> Sorry Stephan, I´ve been working with this setup for about 2 years.
>
> I am just wondering if in the case of an PVE host IP address like
>
> 111.222.333.74 (this last 74 is real) should have my VM´s  gateway with
> 111.222.333.254 or 111.222.333.137.
>
> That´s what I am asking.
>
> Right now my legacy server has exactly the same IP address and the new
> one except that the last .74 is .220. The gateways configured in all VMs
> running perfectly on that legacy server has also .254 as gateway in
> their configuration. That´s what confuses me.
>
> So summarizing:
>
> legacy dedicated server IP: 111.222.333.220
>
> --> All VMs have 111.222.333.254 as gateway
>
> new dedicated server IP: 111.222.333.74
>
> --> Configuring 111.222.333.254 in the VM makes reachable the public IP
> address of the new server and the gateway but I can´t ping to the
> outside world.
>
> I hope this clarifies the situation :)
>
> Miguel
>
>
> On 12/16/18 8:03 PM, Stephan Leemburg wrote:
>> Hi Miguel,
>>
>> Yes, on the pve host the OVH gateway is the .254
>>
>> But your containers and vm's on the pve host must use the ip address
>> of the pve as their default gateway.
>>
>> Also you need to assign mac addresses from the ovh control panel if
>> you are using the public failover ip addresses.
>>
>> Kind regards,
>> Stephan
>>
>> On 16-12-18 18:30, Miguel González wrote:
>>> Hi Stephan,
>>>
>>>     I use public failover IP addresses. I ask about your gateway
>>> configuration, you use:
>>>
>>>     91.121.183.137
>>>
>>>     and as far as I know, the gateway must be the public IP address of
>>> the
>>> host ending with .254. That´s what OVH says in their docs.
>>>
>>>     Thanks!
>>>
>>> On 12/15/18 2:43 PM, Stephan Leemburg wrote:
>>>> OVH Requires you to route traffic from VM's via the IP address of your
>>>> hardware.
>>>>
>>>> So 137 is the ip address of the hardware.
>>>>
>>>> Do you use any public ip addresses on your soyoustart system?
>>>>
>>>> Or just private range and then send them out via NAT?
>>>>
>>>> Met vriendelijke groet,
>>>> Stephan Leemburg
>>>> IT Functions
>>>>
>>>> e: sleemburg at it-functions.nl
>>>> p: +31 (0)71 889 23 33
>>>> m: +31(0)6 83 22 30 69
>>>> kvk: 27313647
>>>>
>>>> On 15-12-18 14:39, Miguel González wrote:
>>>>> There must be something wrong with the configuration since I have
>>>>> tested
>>>>> another server and seems to be fine.
>>>>>
>>>>> Why do you use 137? In the proxmox docs they say the gateway is
>>>>> xxx.xxx.xxx.254
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>> On 12/15/18 2:16 PM, Stephan Leemburg wrote:
>>>>>> Did you setup routing correctly within the containers / vm's?
>>>>>> OVH/SoYouStart has awkward network routing requirements.
>>>>>>
>>>>>> I have 2 servers at soyoustart and they do fine with the correct
>>>>>> network configuration.
>>>>>>
>>>>>> Below is an example from one of my containers.
>>>>>>
>>>>>> Also, it is a good idea to setup a firewall and put your
>>>>>> containers on
>>>>>> vmbr devices connected to the lan side of your firewall.
>>>>>>
>>>>>> Then on the lan side you have 'normal' network configurations.
>>>>>>
>>>>>> The pve has ip address 91.121.183.137
>>>>>>
>>>>>> I have a subnet 54.37.62.224/28 on which containers and vm's live.
>>>>>>
>>>>>> # cat /etc/network/interfaces
>>>>>>
>>>>>> auto lo
>>>>>> iface lo inet loopback
>>>>>>
>>>>>> auto eth0
>>>>>> iface eth0 inet static
>>>>>>        address 54.37.62.232
>>>>>>        netmask 255.255.255.255
>>>>>>        pre-up /etc/network/firewall $IFACE up
>>>>>>        post-up ip route add 91.121.183.137 dev $IFACE
>>>>>>        post-up ip route add 54.37.62.224/28 dev $IFACE
>>>>>>        post-up ip route add default via 91.121.183.137 dev $IFACE
>>>>>>        post-down ip route del default via 91.121.183.137 dev $IFACE
>>>>>>        post-down ip route del 54.37.62.224/28 dev $IFACE
>>>>>>        post-down ip route del 91.121.183.137 dev $IFACE
>>>>>>        post-down /etc/network/firewall $IFACE down'
>>>>>>
>>>>>>
>>>>>> Met vriendelijke groet,
>>>>>> Stephan Leemburg
>>>>>>
>>>>>> On 15-12-18 13:02, Miguel González wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>>        I am migrating some VMs from a Soyoustart (OVH) Proxmox 5.1
>>>>>>> to a
>>>>>>> brand new Proxmox 5.3 server (again Soyoustart).
>>>>>>>
>>>>>>>        I have followed the instructions from OVH and Proxmox and I
>>>>>>> can ping
>>>>>>> from the VM to the host and the gateway and I can ping from the
>>>>>>> host to
>>>>>>> the VM. But I can´t ping the DNS server or anything outside the host
>>>>>>> machine (i.e.: the legacy Proxmox host).
>>>>>>>
>>>>>>>       Some people suggest to enable ip forwarding, but I don´t have
>>>>>>> enabled
>>>>>>> on the legacy server.
>>>>>>>
>>>>>>>       But I enable it anyway echo 1 > /proc/sys/net/ipv4/ip_forward
>>>>>>>          and nothing happens.
>>>>>>>
>>>>>>>       iptables seems to be turned off both in host and vm:
>>>>>>>
>>>>>>>        iptables -L
>>>>>>> Chain INPUT (policy ACCEPT)
>>>>>>> target     prot opt source               destination
>>>>>>>
>>>>>>> Chain FORWARD (policy ACCEPT)
>>>>>>> target     prot opt source               destination
>>>>>>>
>>>>>>> Chain OUTPUT (policy ACCEPT)
>>>>>>> target     prot opt source               destination
>>>>>>>
>>>>>>> So I´m out of ideas here
>>>>>>>
>>>>>>> Any suggestion?
>>>>>>>
>>>>>>> Miguel
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> ---
>>>>>>> This email has been checked for viruses by AVG.
>>>>>>> https://www.avg.com
>>>>>>> _______________________________________________
>>>>>>> pve-user mailing list
>>>>>>> pve-user at pve.proxmox.com
>>>>>>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>


More information about the pve-user mailing list