d-bis/proxmox
4
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
7e6f1fa9800ebd47f49ddff521da15bcc1859fe6
proxmox/docs/archive/deployment-reports/INTERNET_CONNECTIVITY_TEST_REPORT.md
defiQUG fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
Details
docs: Ledger Live integration, contract deploy learnings, NEXT_STEPS updates 
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands
- CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround
- CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check
- NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere
- MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates
- LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-12 15:46:57 -08:00

6.4 KiB
Raw Blame History

Internet Connectivity Test Report

Date: 2026-01-20
Test Type: Comprehensive Internet Connectivity Review
Containers Tested: 7800 (API), 7801 (Portal), 7802 (Keycloak), 7803 (PostgreSQL)

Executive Summary

Status: CONNECTIVITY ISSUES DETECTED

All containers are configured correctly but cannot reach gateway or internet. The host can reach the gateway, indicating the issue is with container-to-bridge communication.

Test Results Summary

Container Service IP Status Gateway Host Internet DNS HTTP/HTTPS
7800 API 192.168.11.50 Running FAIL FAIL FAIL FAIL FAIL
7801 Portal 192.168.11.51 Running FAIL FAIL FAIL FAIL FAIL
7802 Keycloak 192.168.11.52 Running FAIL FAIL FAIL FAIL FAIL
7803 PostgreSQL 192.168.11.53 Running FAIL FAIL FAIL FAIL FAIL

Detailed Test Results

Container Status

  • All containers: Running
  • All IPs: Correctly assigned (192.168.11.50-53)
  • All interfaces: UP and configured

Network Configuration

  • Bridge: vmbr0v11 (UP)
  • Subnet: 192.168.11.0/24
  • Gateway: 192.168.11.1
  • Routing: Default routes configured correctly

DNS Configuration

  • All containers: Using 192.168.11.1 as nameserver
  • Note: DNS will fail if gateway is unreachable

Connectivity Tests

Gateway Connectivity (192.168.11.1)

  • 7800: FAIL
  • 7801: FAIL
  • 7802: FAIL
  • 7803: FAIL
  • Host: OK (host can reach gateway)

Host Connectivity (192.168.11.11)

  • All containers: FAIL (cannot reach Proxmox host)

Internet Connectivity (8.8.8.8)

  • All containers: FAIL

DNS Resolution

  • All containers: FAIL (cannot resolve google.com)

HTTP/HTTPS Connectivity

  • All containers: FAIL

Package Repository Access

  • All containers: FAIL (cannot update packages)

Network Interface Details

Container Network Interfaces

All containers have eth0 interfaces that are:

  • State: UP
  • MTU: 1500
  • Type: veth (virtual ethernet)

Host Bridge Status

  • vmbr0v11: UP and operational
  • Note: Bridge has no IP address (normal for LXC bridges)

Routing Information

Container Routing Tables

All containers have correct routing:

default via 192.168.11.1 dev eth0 proto static
192.168.11.0/24 dev eth0 proto kernel scope link src <container-ip>

Root Cause Analysis

Issue Identified

Containers cannot communicate through vmbr0v11 bridge

Possible Causes

  1. VLAN Tagging Issue:

    • Containers may need VLAN tag configuration
    • vmbr0v11 might not be properly forwarding untagged traffic
    • VLAN 11 interface on router may require tagged traffic

  2. Bridge Configuration:

    • vmbr0v11 may need additional configuration
    • Bridge may not be forwarding packets correctly
    • Firewall rules may be blocking traffic

  3. Router/Gateway Configuration:

    • Gateway 192.168.11.1 may not accept traffic from containers
    • VLAN 11 interface may not be configured on router
    • Inter-VLAN routing may be disabled

  4. Network Isolation:

    • VLAN 11 may have network isolation enabled
    • Firewall rules may block container-to-gateway communication
    • ACL rules may prevent inter-VLAN communication

Recommendations

Immediate Actions

  1. Check Router Configuration:

    # Verify VLAN 11 interface exists on router
# Check if gateway 192.168.11.1 responds to VLAN 11 traffic
# Verify inter-VLAN routing is enabled

  2. Check Bridge Configuration:

    # Verify vmbr0v11 is properly configured
# Check if bridge needs VLAN tagging
# Verify bridge forwarding is enabled

  3. Test Inter-Container Communication:

    # Test if containers can reach each other
# This will help isolate if issue is with bridge or gateway

  4. Check Firewall Rules:

    # Verify firewall allows VLAN 11 traffic
# Check if containers are blocked by firewall
# Verify ACL rules allow container communication

Configuration Options

Option 1: Use vmbr0 (Native VLAN 11)

If containers should be on native VLAN 11 (untagged):

# Change bridge from vmbr0v11 to vmbr0
# This assumes vmbr0 is on VLAN 11
pct set <vmid> -net0 bridge=vmbr0,name=eth0,ip=<ip>/24,gw=192.168.11.1

Option 2: Configure VLAN Tagging

If containers need VLAN 11 tagged:

# Add VLAN tag to container network
pct set <vmid> -net0 bridge=vmbr0,name=eth0,tag=11,ip=<ip>/24,gw=192.168.11.1

Option 3: Use Host as Gateway

If router gateway is not accessible:

# Configure host to route for containers
# Enable IP forwarding on host
# Configure NAT if needed

Test Commands Reference

Check Container IPs

ssh root@192.168.11.11 "for vmid in 7800 7801 7802 7803; do echo \"VMID \$vmid:\"; pct exec \$vmid -- ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'; done"

Test Gateway

ssh root@192.168.11.11 "for vmid in 7800 7801 7802 7803; do echo -n \"VMID \$vmid -> 192.168.11.1: \"; pct exec \$vmid -- ping -c 1 -W 2 192.168.11.1 >/dev/null 2>&1 && echo 'OK' || echo 'FAIL'; done"

Test Inter-Container

ssh root@192.168.11.11 "pct exec 7803 -- ping -c 1 192.168.11.50 && echo '7803 -> 7800: OK'"

Check Bridge Status

ssh root@192.168.11.11 "ip link show vmbr0v11"

Check Routing

ssh root@192.168.11.11 "pct exec 7803 -- ip route show"

Next Steps

  1. Investigate Bridge Configuration:

    • Check if vmbr0v11 needs VLAN tagging
    • Verify bridge forwarding rules
    • Test with different bridge configuration

  2. Check Router Configuration:

    • Verify VLAN 11 interface on router
    • Check inter-VLAN routing settings
    • Verify firewall/ACL rules

  3. Test Alternative Configurations:

    • Try using vmbr0 instead of vmbr0v11
    • Test with VLAN tagging
    • Test with host routing

  4. Document Resolution:

    • Document working configuration
    • Update deployment scripts
    • Update network documentation

Report Generated: 2026-01-20
Status: Connectivity Issues - Requires Investigation
Priority: 🔴 High - Blocks service deployment

Reference in New Issue View Git Blame Copy Permalink