Tag Archives: Proxmox

Preventing Windows guests from creating network profiles in Proxmox

Many of my servers run under the Proxmox virtual environment. For servers that don’t have a dedicated IP available for their guests, I use an iptables-based NAT network to forward packets, as described in my previous article: https://manatails.net/blog/2018/04/running-proxmox-with-nat/

But I came across a problem where Windows guests detect the network as ‘Unknown’ and try to create a new network profile every reboot.

Not only did it look bad to have random names like ‘Network 18’, but the network type also defaults to public, so any rules for the private network get ignored until I manually set the network type to private.

I looked a bit in depth and found that the feature is called ‘Network Location Awareness’ per the original article https://msdn.microsoft.com/en-us/library/aa480195.aspx

From the page:

Digital Subscriber Line (DSL) and cable modems typically act as network address translators (NATs). As a result, their MAC addresses can be used to uniquely qualify the user’s network. NLA uses the MAC address of the user’s DSL or cable modem as the link ID.

Practically, Windows was using the MAC address of the default gateway to differentiate the network.

So I had to give the NAT interface a unique MAC address in order to be recognized.

Add ‘hwaddress ether’ to the interface config and give it a random MAC address; Windows will then consistently identify the network.

Finally open regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList then delete all entries in Profiles and Signatures to get rid of previously detected networks and reset the counter.
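
For the ‘hwaddress ether’ step above, this added example (not from the original post) generates a random MAC with the locally administered bit set and the multicast bit clear, checks a hand-typed address the same way, and prints the line for the bridge's stanza. The function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: pick a stable MAC for the NAT
# bridge so the gateway MAC that Windows NLA keys on stays the same.

# Print a random MAC that is unicast and locally administered.
gen_local_mac() {
    # Six random bytes from the kernel RNG as 12 hex digits.
    hex=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    # First octet: set bit 1 (locally administered), clear bit 0 (multicast),
    # so the address cannot collide with a vendor-assigned (OUI) address.
    first=$(( (0x${hex%??????????} | 0x02) & 0xFE ))
    rest=$(printf '%s' "${hex#??}" | sed 's/../:&/g')
    printf '%02x%s\n' "$first" "$rest"
}

# Return 0 if $1 is a well-formed, unicast, locally administered MAC.
# Useful for checking a hand-typed address before putting it in the config.
is_local_unicast_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    first=$(( 0x${1%%:*} ))
    [ $(( first & 0x01 )) -eq 0 ] && [ $(( first & 0x02 )) -ne 0 ]
}

# Print the line to add inside the bridge's iface stanza.
hwaddress_line() {
    is_local_unicast_mac "$1" || { echo "rejecting MAC: $1" >&2; return 1; }
    printf '    hwaddress ether %s\n' "$1"
}

# Generate once, then paste the output into /etc/network/interfaces;
# regenerating on every boot would defeat the purpose.
hwaddress_line "$(gen_local_mac)"
```

Run it once per host and keep the resulting address in the config, since the guests only see a consistent network while the gateway MAC stays fixed.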

Adding a new disk to Proxmox VE

root@elizabeth:/etc/lvm# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.29.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): g

Created a new GPT disklabel (GUID: DBD738EC-7ED5-4FC0-9474-1018CF3E4F12).

Command (m for help): n
Partition number (1-128, default 1):
First sector (34-500118158, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-500118158, default 500118158):

Created a new partition 1 of type 'Linux filesystem' and of size 238.5 GiB.

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Type of partition 1 is unchanged: Linux filesystem.

Command (m for help): p
Disk /dev/sdb: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: DBD738EC-7ED5-4FC0-9474-1018CF3E4F12

Device Start End Sectors Size Type
/dev/sdb1 2048 500118158 500116111 238.5G Linux filesystem

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

root@elizabeth:/etc/lvm# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created.
root@elizabeth:/etc/lvm# vgcreate ssd2 /dev/sdb1
Volume group "ssd2" successfully created
root@elizabeth:/etc/lvm# lvcreate --type thin-pool -L 100G -n data ssd2
Logical volume "data" created.
root@elizabeth:/etc/lvm# lvextend -l +100%FREE ssd2/data
Size of logical volume ssd2/data changed from 100.00 GiB (25600 extents) to 238.47 GiB (61049 extents).
Logical volume ssd2/data successfully resized.

Then it is possible to add the newly created LVM-Thin volume from the Web interface.

Running Proxmox with NAT

The default Proxmox installation only supports a basic NAT function with limited capabilities.

In order to create a working internal network, you need to define a new network manually.

Add the following entry to /etc/network/interfaces.

vmbr0 is the WAN interface; if you use a different interface, change it accordingly.


auto vmbr1
iface vmbr1 inet static
    address  10.0.0.1
    netmask  255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward

    post-up iptables -t nat -A POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '10.0.0.0/24' -o vmbr0 -j MASQUERADE

And add port forwarding rules like this:

post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 222 -j DNAT --to 10.0.0.100:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 222 -j DNAT --to 10.0.0.100:22

Apply the settings with:
/etc/init.d/networking restart