Proxmox VM Reachable Only From Proxmox Host (Fix /32 Netmask)¶
Objective¶
Fix a VM networking issue where:
- The VM IP (example: 192.168.1.130) is reachable from the Proxmox host
- But not reachable from other LAN devices
Root cause in this case: the VM interface was configured as /32 instead of /24.
Symptoms¶
- Only Proxmox host can ping/access VM
- Other LAN clients cannot ping/access VM services
- Services work locally on the VM but appear offline from the LAN
Step 1: Confirm Proxmox bridge is correct (host-side)¶
On Proxmox:
Expected pattern:
- vmbr0 has the Proxmox LAN IP (example: 192.168.1.102/24)
- bridge-ports includes the physical NIC (example: enp2s0)
- VM TAP interfaces are attached to vmbr0
Example:
auto vmbr0
iface vmbr0 inet static
address 192.168.1.102/24
gateway 192.168.1.1
bridge-ports enp2s0
bridge-stp off
bridge-fd 0
If this is wrong, fix bridge wiring first.
Step 2: Check VM interface netmask (VM-side)¶
On the VM:
Problem case observed:
Why /32 breaks LAN reachability:
- /32 is a host route, not a subnet
- the VM lacks a correct on-link route for 192.168.1.0/24
- LAN communication becomes inconsistent or fails entirely
Step 3: Fix netmask via Netplan (Ubuntu)¶
1) Identify netplan file:
2) Edit the YAML (example file name):
Set:
network:
version: 2
ethernets:
eth0:
dhcp4: no
addresses:
- 192.168.1.130/24
routes:
- to: default
via: 192.168.1.1
nameservers:
addresses:
- 1.1.1.1
- 8.8.8.8
3) Apply safely:
Confirm when prompted, then:Step 4: Verify the fix¶
Expected:
- 192.168.1.130/24 on eth0
- A route similar to:
From another LAN machine:
- ping 192.168.1.130
- open service (example: http://kb.local.host)
Notes¶
If you still cannot reach the VM after fixing /24, check:
- IP conflict on the LAN
- firewall rules (UFW/nftables) on the VM
- WiFi client isolation or VLAN segmentation