Limit IP Address for VE

C

Coolmike77

New Member
Aug 14, 2009
4
0
1
Hi

I just installed proxmox the first time and was surprised how easy it is. After a very shourt time, I had my first windows vps online.

My question is, how can I limit the ip address which this vps can use? At the moment the person who is using the vps can change the ip address to any ip address in my network. Is it not possible to define the ip address which this vps can use?

Thanks
Michael
 
Coolmike77 said:
Hi

I just installed proxmox the first time and was surprised how easy it is. After a very shourt time, I had my first windows vps online.

My question is, how can I limit the ip address which this vps can use? At the moment the person who is using the vps can change the ip address to any ip address in my network. Is it not possible to define the ip address which this vps can use?

Thanks
Michael
Click to expand...

welcome here! Proxmox VE has 2 different virtualization technologies, so do you talk about KVM (Full virtualization) or OpenVZ (container virtualization)?
 
Coolmike77 said:
Hi

We are using KVM, because we need Windows VPS.

Thanks
Michael
Click to expand...

you need to protect your network in the same manner as you would do it with physical servers (firewalls, vpn, logins, etc.)
 
I know that I still have to secure my windows vps which is running under proxmox. But how can I be sure, that the owner of this windows vps is not changing the ip address to an ip address which is already in use in my network. For example the vps owner change the ip to the ip address of the default gateway, I think my whole network is down. Is there no possibility in proxmox to limit a vps to a certain ip address that only this ip is working?
 
Coolmike77 said:
But how can I be sure, that the owner of this windows vps is not changing the ip address to an ip address which is already in use in my network.
Click to expand...

A VM behave like a physical computer. You do not want someone untrusted to have access to a VM inside your network.

The solution is to use another network, and place a firewall in between.

- Dietmar
 
Thanks for all the answers. This means, proxmox is not really made for Hosters which are selling VPS to customers. Otherwiese I need to resubnet my ip network but would lose to many ip addresses.

Thanks
Michael
 
This has not really anything to do with PVE. You will find this problem with any server or virtual server technology. It is an inherent problem with hosts in the same network.
The two solutions I know of are described above.
 
An easy solution is to restrict the ip and mac address into the VPS tap device with ebtables.

Remember that DHCP will not work, only static IP.

#!/bin/bash

MACADDR=B6:14:45:B3:40:F9 #/etc/qemu-server/103.conf
IPADDR=10.10.46.190
KVMDEVICE=vmtab103i0 ##The tap device for VM 103

ebtables -F

ebtables -P FORWARD ACCEPT
ebtables -A FORWARD -i ${KVMDEVICE} -s ! ${MACADDR} -j DROP

ebtables -A FORWARD -s ${MACADDR} -p IPv4 --ip-src ! ${IPADDR} -j DROP
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back