proxmox/reports/VMID2400_PROXMOX_NETWORK_CHECK.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


# Proxmox Network Configuration Check for VMID 2400

**Date**: 2026-01-02

**Purpose**: Check for ACLs, firewall rules, or network configuration issues affecting 192.168.11.240

---

## Summary

**NO NETWORK-LEVEL RESTRICTIONS FOUND**

No ACLs, firewall rules, or network configuration issues were found that would prevent VMID 2400 (192.168.11.240) from connecting to validators 100 and 101.

---
## Detailed Findings
### 1. Proxmox Firewall Status
```
Status: disabled/running
```
- Proxmox firewall is **disabled**
- No firewall rules are active
### 2. iptables Rules
```
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
```
- **No rules** blocking any IP addresses
- All chains have **ACCEPT policy**
- No rules specific to 192.168.11.240, 192.168.11.100, 192.168.11.101, or 192.168.11.250
### 3. VM-Specific Firewall Configs
- **No firewall configs** found for:
  - VMID 2400 (`/etc/pve/firewall/2400.fw`)
  - VMID 2500 (`/etc/pve/firewall/2500.fw`)
  - VMID 1000 (`/etc/pve/firewall/1000.fw`)
  - VMID 1001 (`/etc/pve/firewall/1001.fw`)
### 4. Cluster/Host Firewall Configs
- **No cluster firewall config** (`/etc/pve/firewall/cluster.fw`)
- **No host firewall config** (`/etc/pve/nodes/<hostname>/host.fw`)
### 5. Network Configuration
#### Bridge Configuration
- All VMs are on the **same bridge**: `vmbr0`
- All veth interfaces are properly connected:
  - `veth2400i0` - VMID 2400 (192.168.11.240) ✅
  - `veth2500i0` - VMID 2500 (192.168.11.250) ✅
  - `veth1000i0` - VMID 1000 (192.168.11.100) ✅
  - `veth1001i0` - VMID 1001 (192.168.11.101) ✅
#### VM Network Configurations
All VMs have identical network configuration:
```
net0: name=eth0,bridge=vmbr0,gw=192.168.11.1,hwaddr=...,ip=192.168.11.X/24,type=veth
```
#### IP Address Assignments
- ✅ VMID 2400: `192.168.11.240/24` - **Correctly assigned**
- ✅ VMID 2500: `192.168.11.250/24` - **Correctly assigned**
- ✅ VMID 1000: `192.168.11.100/24` - **Correctly assigned**
- ✅ VMID 1001: `192.168.11.101/24` - **Correctly assigned**
#### Network Routing
```
default via 192.168.11.1 dev vmbr0 proto kernel onlink
192.168.11.0/24 dev vmbr0 proto kernel scope link src 192.168.11.10
```
- Standard routing configuration
- No route restrictions
### 6. nftables
- **No nftables rules** found blocking any IPs

---
## Conclusion
**There are NO network-level restrictions (ACLs, firewall rules, or network configuration issues) preventing VMID 2400 from connecting to validators 100 and 101.**

All network configurations are:

- ✅ Identical across all VMs
- ✅ Properly configured
- ✅ No firewall rules blocking traffic
- ✅ All VMs on the same bridge (vmbr0)
- ✅ IP addresses correctly assigned

---
## Implications
Since there are no network-level restrictions, the connectivity issue between VMID 2400 and validators 100/101 must be caused by:

1. **Besu application-level issue** - The validators may be rejecting connections at the Besu level (not network level)
2. **Besu internal state** - Validators may have cached connection rejections or internal state issues
3. **Timing/Initialization** - Validators may not be fully ready to accept connections
4. **Besu configuration difference** - There may be a subtle configuration difference between validators 100/101 and 102/103/104

**Next Steps:**

- Focus on Besu-level debugging rather than network-level
- Compare Besu configurations between working and non-working validators
- Check Besu logs for connection rejection reasons
- Consider restarting validators 100/101 to clear any internal state

---
## Verification Commands Used
```bash
# Firewall status
pve-firewall status
# iptables rules
iptables -L -n -v
iptables -L INPUT -n -v --line-numbers
iptables -L FORWARD -n -v --line-numbers
# Firewall configs
ls -la /etc/pve/firewall/
cat /etc/pve/firewall/2400.fw
cat /etc/pve/firewall/cluster.fw
# Network configs
pct config 2400 | grep net
brctl show
ip link show
# IP addresses
pct exec 2400 -- ip addr show
```
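
The `iptables -L` commands above list only the `filter` table. As an added example (not part of the original report), the function below audits `iptables-save` output, which covers every table, for the addresses under investigation. The names `audit_ruleset` and `sample_ruleset` and the sample ruleset are constructed for illustration.

```bash
# Added example (not from the report). Reads `iptables-save` text on stdin and
# prints one finding per line for the IPv4 addresses given as arguments:
#   POLICY <table>/<chain> <policy>   built-in chain whose policy is not ACCEPT
#   MATCH  <table> <rule>             rule naming one of the addresses
#   BLOCK  <table> <rule>             DROP/REJECT rule that names none of them
#                                     (may still cover them by subnet or interface)
# Addresses are compared literally; native nftables rules need `nft list ruleset`.
audit_ruleset() {
    awk -v ips="$*" '
        BEGIN { n = split(ips, want, " ") }
        /^\*/ { table = substr($0, 2); next }      # "*filter", "*raw", ...
        /^:/  { if ($2 != "ACCEPT" && $2 != "-")   # "-" marks a user-defined chain
                    printf "POLICY %s/%s %s\n", table, substr($1, 2), $2
                next }
        /^-A / {
            hit = 0; target = ""
            for (j = 1; j <= NF; j++) {
                if ($j == "-j" && j < NF) target = $(j + 1)
                addr = $j; sub(/\/32$/, "", addr)  # iptables-save prints hosts as a.b.c.d/32
                for (i = 1; i <= n; i++) if (addr == want[i]) hit = 1
            }
            if (hit) printf "MATCH %s %s\n", table, $0
            else if (target == "DROP" || target == "REJECT")
                printf "BLOCK %s %s\n", table, $0
        }'
}

# Constructed sample ruleset, not captured from the host in this report.
sample_ruleset() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -s 192.168.11.240/32 -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:CUSTOM-FWD - [0:0]
-A FORWARD -i vmbr0 -o vmbr0 -j ACCEPT
-A FORWARD -d 192.168.11.0/24 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# On a host: iptables-save | audit_ruleset 192.168.11.240 192.168.11.100 192.168.11.101
sample_ruleset | audit_ruleset 192.168.11.240 192.168.11.100 192.168.11.101
```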
---
**Status**: ✅ Network configuration verified - No issues found