Unable to update servers

Misinthe

Hello everyone, I'm very new to PfSense, I just recently created a VM with it to act as my firewall, I was trying to do some work and just noticed that I can't do any apt-get update and upgrade on any of my Linux based systems, does anyone know what could the issue be? I keep getting this error.

Thank you for any advice!

viragomann

@misinthe
Seems the server cannot resolve host names.
I assume, pfSense acts as your DNS server. So is the Proxmox servers DNS client configured properly to use it?

Patch

@misinthe said in Unable to update servers:

does anyone know what could the issue be?

If running Proxmox 7.1 with pfsense running as a VM so when Proxmox boots there is no DHCP, DNS, gateway to the internet:

Leave the IP address of Proxmox set in Proxmox
Add a DHCP entry in your DHCP server to set the IP address of Proxmox to the same value set in 1. above

See See https://forum.proxmox.com/threads/host-network-access-lost-after-proxmox-upgrade-7-0-to-7-1-router-vm-with-pass-through-nic.100091/#post-435007

Misinthe

@patch said in Unable to update servers:

@misinthe said in Unable to update servers:

does anyone know what could the issue be?

If running Proxmox 7.1 with pfsense running as a VM so when Proxmox boots there is no DHCP, DNS, gateway to the internet:

Leave the IP address of Proxmox set in Proxmox

Add a DHCP entry in your DHCP server to set the IP address of Proxmox to the same value set in 1. above

See See https://forum.proxmox.com/threads/host-network-access-lost-after-proxmox-upgrade-7-0-to-7-1-router-vm-with-pass-through-nic.100091/#post-435007

So I have a link aggregation running on Proxmox, I already set up the manual IP and Gateway, how do I set up the DNS server?

viragomann

@misinthe
You can simply set it in the web GUI:

or edit /etc/resolv.conf

Misinthe

@viragomann said in Unable to update servers:

@misinthe
You can simply set it in the web GUI:

or edit /etc/resolv.conf

alt text

So, I did it the hard way, I did this in my test proxmox on my DMZ because I didn't want to be playing with Production until I'm sure what the issue is. It, still didn't work, here are my settings.

8b1ac251-054c-4b48-b487-187da5a90c99-resolv.conf.JPG

32053226-af4a-4392-9e44-861d6855ec99-Network Interfaces.JPG

viragomann

@misinthe
Is the DNS access allowed on pfSense??

If it is check with dig if you can resolve anything.

Misinthe

@viragomann I have the DNS Resolver on, and the rules on the Firewall to allow port 53 towards 127.0.0.1, I'm not sure what else to check. As for the Dig, it comes up with this.

viragomann

@misinthe
So you've changed the network settings in Proxmox, removed the bond and use a single network port in vmbr0?

And you have a pfSense interface connected to this bridge and configured properly? And you have opened port 53 for UDP/TCP packets?
Can you ping the pfSense IP at all? Ensure to allow it.

Misinthe

@viragomann said in Unable to update servers:

@misinthe
So you've changed the network settings in Proxmox, removed the bond and use a single network port in vmbr0?

And you have a pfSense interface connected to this bridge and configured properly? And you have opened port 53 for UDP/TCP packets?
Can you ping the pfSense IP at all? Ensure to allow it.

On the test server I don't have a bond, it's just 1 connection from the PfSense VM to the Host, so there's only 1 connection on vmbr0.

This is the network config.
9aa0d392-630c-44f4-9b8f-a7094b2d2188-Network Interfaces.JPG

This is the DNS on Proxmox.
c8b03215-b9d1-47ed-b7c9-79594d79e373-resolv.conf.JPG

This is my NAT Forwarding

And I have this Rule on the OPT1 Firewall

Patch

@misinthe said in Unable to update servers:

So I have a link aggregation running on Proxmox, I already set up the manual IP and Gateway, how do I set up the DNS server

For Proxmox 7.1 for me to be able to ping the hypervisor and for the hypervisor to be able to download updates, the work around I have used is

Leave the Hypervisor IP address set to a fixed value in Proxmox. This is normally set during Proxmox installation but can be changed by Proxmox -> Datacentre -> <pve> -> Network -> vmbr0 -> Edit -> IPv4/CIDR.
In pfsense set a static IPv4 address for Proxmox. Login to pfsense -> Services -> DHCP Server -> Select the interface you access Proxmox from -> Scroll to the bottom of the page to "DHCP Static Mappings for this Interface" -> Add -> enter Proxmox IPv4 address and it's mac address.

Step 1 is a normal requirement. Step 2 is a work around for Proxmox 7.1 running the networks router (which means when Proxmox boots there is no DHCP server, DNS, or gateway to the Internet). There are probably other ways of working around this issue, which I would prefer as I don't like programs interacting like this. However I'm using this work around until a better solution is found. Btw I pass through all NIC pfsense uses however when making a pfsense VM without pass through made no difference the this behavior.

Misinthe

@patch said in Unable to update servers:

@misinthe said in Unable to update servers:

So I have a link aggregation running on Proxmox, I already set up the manual IP and Gateway, how do I set up the DNS server

For Proxmox 7.1 for me to be able to ping the hypervisor and for the hypervisor to be able to download updates, the work around I have used is

Leave the Hypervisor IP address set to a fixed value in Proxmox. This is normally set during Proxmox installation but can be changed by Proxmox -> Datacentre -> <pve> -> Network -> vmbr0 -> Edit -> IPv4/CIDR.

In pfsense set a static IPv4 address for Proxmox. Login to pfsense -> Services -> DHCP Server -> Select the interface you access Proxmox from -> Scroll to the bottom of the page to "DHCP Static Mappings for this Interface" -> Add -> enter Proxmox IPv4 address and it's mac address.

Step 1 is a normal requirement. Step 2 is a work around for Proxmox 7.1 running the networks router (which means when Proxmox boots there is no DHCP server, DNS, or gateway to the Internet). There are probably other ways of working around this issue, which I would prefer as I don't like programs interacting like this. However I'm using this work around until a better solution is found. Btw I pass through all NIC pfsense uses however when making a pfsense VM without pass through made no difference the this behavior.

Thank you for the reply, that's one more step closer! Sadly, it did not fix my issue. I also spun up a VM in that host to see how the IP looked, and this is what I get. I'm not sure what that virbr0 connection is all about but it's getting a 192.168.0.0/24 instead of the 10.30.0.0/24

Patch

@misinthe
in a Proxmox console try

systemctl restart networking

Doing so also fixes Proxmox networking for me but corrupts

reboot

But if you have a physical console connected to Proxmox you can get and idea of what is happening and after reboot is done a few times it seams to settle down again until the next change to network configuration involving Proxmox.

Misinthe

@patch said in Unable to update servers:

@misinthe
in a Proxmox console try
systemctl restart networking
Doing so also fixes Proxmox networking for me but corrupts
reboot
But if you have a physical console connected to Proxmox you can get and idea of what is happening and after reboot is done a few times it seams to settle down again until the next change to network configuration involving Proxmox.

I was messing around on PfSense, trying the network to get the DNS server. And now I got a different error when trying the apt-get update.

I will try the restart networking in the morning. Appreciate all the help.