# Internet Connectivity Test Report

**Date:** 2026-01-20
**Test Type:** Comprehensive Internet Connectivity Review
**Containers Tested:** 7800 (API), 7801 (Portal), 7802 (Keycloak), 7803 (PostgreSQL)

---

## Executive Summary

**Status:** ❌ **CONNECTIVITY ISSUES DETECTED**

All containers are configured correctly but **cannot reach gateway or internet**. The host can reach the gateway, indicating the issue is with container-to-bridge communication.

---

## Test Results Summary

| Container | Service | IP | Status | Gateway | Host | Internet | DNS | HTTP/HTTPS |
|-----------|---------|----|--------|---------|------|----------|-----|------------|
| 7800 | API | 192.168.11.50 | ✅ Running | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL |
| 7801 | Portal | 192.168.11.51 | ✅ Running | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL |
| 7802 | Keycloak | 192.168.11.52 | ✅ Running | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL |
| 7803 | PostgreSQL | 192.168.11.53 | ✅ Running | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL | ❌ FAIL |

---

## Detailed Test Results

### ✅ Container Status

- **All containers:** Running
- **All IPs:** Correctly assigned (192.168.11.50-53)
- **All interfaces:** UP and configured

### ✅ Network Configuration

- **Bridge:** vmbr0v11 (UP)
- **Subnet:** 192.168.11.0/24
- **Gateway:** 192.168.11.1
- **Routing:** Default routes configured correctly

### ✅ DNS Configuration

- **All containers:** Using 192.168.11.1 as nameserver
- **Note:** DNS will fail if gateway is unreachable

### ❌ Connectivity Tests

#### Gateway Connectivity (192.168.11.1)

- **7800:** ❌ FAIL
- **7801:** ❌ FAIL
- **7802:** ❌ FAIL
- **7803:** ❌ FAIL
- **Host:** ✅ OK (host can reach gateway)

#### Host Connectivity (192.168.11.11)

- **All containers:** ❌ FAIL (cannot reach Proxmox host)

#### Internet Connectivity (8.8.8.8)

- **All containers:** ❌ FAIL

#### DNS Resolution

- **All containers:** ❌ FAIL (cannot resolve google.com)

#### HTTP/HTTPS Connectivity

- **All containers:** ❌ FAIL

#### Package Repository Access

- **All containers:** ❌ FAIL (cannot update packages)

---

## Network Interface Details

### Container Network Interfaces

All containers have eth0 interfaces that are:

- **State:** UP
- **MTU:** 1500
- **Type:** veth (virtual ethernet)

### Host Bridge Status

- **vmbr0v11:** UP and operational
- **Note:** Bridge has no IP address (normal for LXC bridges)

---

## Routing Information

### Container Routing Tables

All containers have correct routing:

```
default via 192.168.11.1 dev eth0 proto static
192.168.11.0/24 dev eth0 proto kernel scope link src
```

---

## Root Cause Analysis

### Issue Identified

**Containers cannot communicate through vmbr0v11 bridge**

### Possible Causes

1. **VLAN Tagging Issue:**
   - Containers may need VLAN tag configuration
   - vmbr0v11 might not be properly forwarding untagged traffic
   - VLAN 11 interface on router may require tagged traffic

2. **Bridge Configuration:**
   - vmbr0v11 may need additional configuration
   - Bridge may not be forwarding packets correctly
   - Firewall rules may be blocking traffic

3. **Router/Gateway Configuration:**
   - Gateway 192.168.11.1 may not accept traffic from containers
   - VLAN 11 interface may not be configured on router
   - Inter-VLAN routing may be disabled

4. **Network Isolation:**
   - VLAN 11 may have network isolation enabled
   - Firewall rules may block container-to-gateway communication
   - ACL rules may prevent inter-VLAN communication

---

## Recommendations

### Immediate Actions

1. **Check Router Configuration:**
   ```bash
   # Verify VLAN 11 interface exists on router
   # Check if gateway 192.168.11.1 responds to VLAN 11 traffic
   # Verify inter-VLAN routing is enabled
   ```

2. **Check Bridge Configuration:**
   ```bash
   # Verify vmbr0v11 is properly configured
   # Check if bridge needs VLAN tagging
   # Verify bridge forwarding is enabled
   ```

3. **Test Inter-Container Communication:**
   ```bash
   # Test if containers can reach each other
   # This will help isolate if issue is with bridge or gateway
   ```

4. **Check Firewall Rules:**
   ```bash
   # Verify firewall allows VLAN 11 traffic
   # Check if containers are blocked by firewall
   # Verify ACL rules allow container communication
   ```

### Configuration Options

#### Option 1: Use vmbr0 (Native VLAN 11)

If containers should be on native VLAN 11 (untagged):

```bash
# Change bridge from vmbr0v11 to vmbr0
# This assumes vmbr0 is on VLAN 11
# <VMID> and <IP> are placeholders for the container ID and its address
pct set <VMID> -net0 bridge=vmbr0,name=eth0,ip=<IP>/24,gw=192.168.11.1
```

#### Option 2: Configure VLAN Tagging

If containers need VLAN 11 tagged:

```bash
# Add VLAN tag to container network
# <VMID> and <IP> are placeholders for the container ID and its address
pct set <VMID> -net0 bridge=vmbr0,name=eth0,tag=11,ip=<IP>/24,gw=192.168.11.1
```

#### Option 3: Use Host as Gateway

If router gateway is not accessible:

```bash
# Configure host to route for containers
# Enable IP forwarding on host
# Configure NAT if needed
```

---

## Test Commands Reference

### Check Container IPs

```bash
ssh root@192.168.11.11 "for vmid in 7800 7801 7802 7803; do echo \"VMID \$vmid:\"; pct exec \$vmid -- ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'; done"
```

### Test Gateway

```bash
ssh root@192.168.11.11 "for vmid in 7800 7801 7802 7803; do echo -n \"VMID \$vmid -> 192.168.11.1: \"; pct exec \$vmid -- ping -c 1 -W 2 192.168.11.1 >/dev/null 2>&1 && echo 'OK' || echo 'FAIL'; done"
```

### Test Inter-Container

```bash
ssh root@192.168.11.11 "pct exec 7803 -- ping -c 1 192.168.11.50 && echo '7803 -> 7800: OK'"
```

### Check Bridge Status

```bash
ssh root@192.168.11.11 "ip link show vmbr0v11"
```

### Check Routing

```bash
ssh root@192.168.11.11 "pct exec 7803 -- ip route show"
```

---

## Next Steps

1. **Investigate Bridge Configuration:**
   - Check if vmbr0v11 needs VLAN tagging
   - Verify bridge forwarding rules
   - Test with different bridge configuration

2. **Check Router Configuration:**
   - Verify VLAN 11 interface on router
   - Check inter-VLAN routing settings
   - Verify firewall/ACL rules

3. **Test Alternative Configurations:**
   - Try using vmbr0 instead of vmbr0v11
   - Test with VLAN tagging
   - Test with host routing

4. **Document Resolution:**
   - Document working configuration
   - Update deployment scripts
   - Update network documentation

---

**Report Generated:** 2026-01-20
**Status:** ❌ Connectivity Issues - Requires Investigation
**Priority:** 🔴 High - Blocks service deployment