Bizarre network behavior, unable to communicate with VM but can ping

Ok so the tl;dr on my network is I have a home server, desktop, and a firewall device all connected to a switch. Inside my home server I have several VMs on their own bridged interface and subnet routed via the firewall and home server. I am able to use my desktop to ping my devices, but I am unable to access the VMs through any services (see image). I am able to SSH into the server itself and then into the devices, but I cannot interact with the devices inside.
25 Replies
guninvalid over coax alliance
For reference, the accepted pubkey there is from the hypervisor; on the left is me trying to SSH directly into the system.
SkyTrashPanda (2mo ago)
ssh user@ipaddr. Try that and see if that changes the outcome, because you're missing the "user" in the left screenshot.
guninvalid over coax alliance
It's worked without that for months, but I'll try once it finishes rebooting.
SkyTrashPanda (2mo ago)
Worth a shot, and a simple rule-out step
SkyTrashPanda (2mo ago)
Is there a firewall/firewall rules for these VMs?
guninvalid over coax alliance
There are firewalls in the way, but none of them would block this.
SkyTrashPanda (2mo ago)
Are you sure? Zero inbound/outbound rules that would affect the service, port, or IPs? Also, assuming there are zero firewall rules in the way, next thing I would personally do is yoink the server logs to see what's happening on that side of the fence during the attempted connections.
guninvalid over coax alliance
:VentiShrug: This is what's so fucking confusing about this to me.
SkyTrashPanda (2mo ago)
Alright, what about server logs?
guninvalid over coax alliance
Posted already; I only see the connection from my hypervisor. I tried Wireshark: I see the pings going into the bridge interface and some SSH packets, but then I see a bunch of TCP retries and that's it.
SkyTrashPanda (2mo ago)
I'm off to do the shleepin', but if you don't have a solution tomorrow when I get up I'll help figure it out. If it worked until recently, I feel like something changed/reverted somewhere, possibly on an interface, and it's causing an issue with the bridge.
guninvalid over coax alliance
The big network-related changes so far are: I installed an SFP card and a USB-A to Ethernet adapter in the hypervisor, and I plugged in a Raspberry Pi. Removing the USB adapter didn't noticeably change anything, but I also didn't try rebooting after, so I'll give that a shot. I'll try removing the SFP card while I'm at it.
guninvalid over coax alliance
Nope, tried rebooting both of my computers and removing the SFP card, nothing.
SkyTrashPanda (2mo ago)
Alright, just so I understand how this network topology is laid out. From my understanding, this is a network of VMs contained inside a server external to the PC you are trying to ssh from. In that server, the VMs are connected to a bridge that historically has allowed you to successfully ssh into the individual machines without having to go through the server itself first. The ssh PC is on the same network as the server/VMs, and ssh is failing while you can ping the individual VMs. Is that correct? If not, correct me where needed. I'm trying to piece this puzzle together in my head without a topology in front of me.
guninvalid over coax alliance
Yes, that's correct. I have a topology diagram somewhere, let me pull it up. It's a little out of date but close enough; the only real change is VyOS is now a Palo Alto firewall.
SkyTrashPanda (2mo ago)
And this is the path you're attempting to take, but hyperv is what is failing to successfully connect via ssh and crash-landing is connecting, right?
guninvalid over coax alliance
Nope, neither hyperv (aka silence) nor crash-landing can connect. MFW someone else actually has to endure my stupid names.
SkyTrashPanda (2mo ago)
Ok, so I know we looked at Palo Alto boi (formerly VyOS), but I want to know about this guy - lgd. Router, DHCP server, gateway? What is it and what is its function?
SkyTrashPanda (2mo ago)
Nah, don't worry about goofy names, I've seen worse 😂
guninvalid over coax alliance
That's the hypervisor, it's lgd.

Ok, so update: I'm unable to SSH into lgd on the 192 network. So I am able to SSH from the 10 address but not the 192 address, so the entire 192 address is just borked. This could be a Palo Alto firewall issue, but my dad is using my network right now so that'll have to wait.

Also, how are you getting the light effect on your username? :wow_doggin_is_so_smart:

Ok, update update: DNS works just fine. UDP traffic is perfectly fine; TCP traffic is not. What the balls is wrong :natsunotlikethis: This is so obviously a firewall issue, but none of my firewalls are on. I might as well try updating and power-cycling my Palo Alto.
guninvalid over coax alliance
I love Palo Alto Networks. Ok, update update: I got it working! If I just put in a manual route it just works, so it probably is a problem with my Palo Alto config. Not likely a routing issue, but the firewall is goofed.
