Firewall considerations

sitedesign

New Member
Jun 16, 2008
We have several servers in a data center which are part of our Proxmox cluster.

We have 64 IPs for the servers. We have a firewall server with 2 NICs, one for the internet connection and one going to the switch with all the servers attached. The firewall is set up using bridging so that each server behind it also has public IPs from our range (the firewall server is an Ubuntu server with Shorewall-perl).

So far I have allocated a public IP to each HW node and then one public IP for each container (venet). I then allocate additional public IPs to the containers for SSL sites etc. using:
HW Node# vzctl set 101 --ipadd 192.168.1.4 --save

Are there any considerations we should be aware of when adding IPs to the VMs in the cluster?

Regards
Peter King
 
Hi Peter,

Looks OK, but if you need a security analysis for your setup, the Proxmox forum is not the right place.
 
Sorry I wasn't very clear in my question.
What I was asking is: do I have to consider anything with regard to how the virtual networking is done in Proxmox (VENET)?
I presume there is some routing going on, but I was not sure what effect this may have on firewalls in my set-up.
 
There is no /30 routed with two IPs to worry about or anything like that.

Whatever IPs you assign to the VZ containers or KVMs you should just treat them like real physical machines and firewall their IPs accordingly.
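
A check that follows from the advice above, as an added example that is not part of the original thread: it reports container IPs that no Shorewall rule names as a destination. The `vzlist -a -H -o ctid,ip` output layout, the zone names `net` and `loc`, and all sample data are constructed assumptions.

```shell
#!/bin/sh
# Added example: find container IPs that no Shorewall rule refers to.
# Assumed inputs (constructed samples below, not taken from the thread):
#   - saved output of `vzlist -a -H -o ctid,ip` (CTID followed by its IPs)
#   - a Shorewall rules file (columns: ACTION SOURCE DEST PROTO DPORT)

# unfiltered_ips VZLIST_FILE RULES_FILE
# Prints "CTID IP" for every container IP absent from the DEST column.
unfiltered_ips() {
    awk '
        # First file: Shorewall rules. Collect every host listed in DEST,
        # e.g. "loc:192.168.1.3,192.168.1.5" yields two addresses.
        NR == FNR {
            if (NF == 0 || $1 ~ /^#/) next     # skip blank lines and comments
            dest = $3
            sub(/^[^:]*:/, "", dest)           # drop the "zone:" prefix
            n = split(dest, hosts, ",")
            for (i = 1; i <= n; i++) covered[hosts[i]] = 1
            next
        }
        # Second file: vzlist output. Field 1 is the CTID, the rest are IPs;
        # "-" is assumed to mean the container has no address.
        {
            for (i = 2; i <= NF; i++)
                if ($i != "-" && !($i in covered)) print $1, $i
        }
    ' "$2" "$1"
}

# Constructed sample: container 101 has the extra address from the post
# (vzctl set 101 --ipadd 192.168.1.4 --save) but no matching rule yet.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/vzlist.txt" <<'EOF'
       101 192.168.1.3 192.168.1.4
       102 192.168.1.5
       103 -
EOF
    cat > "$tmp/rules" <<'EOF'
#ACTION  SOURCE  DEST              PROTO  DPORT
ACCEPT   net     loc:192.168.1.3   tcp    80,443
ACCEPT   net     loc:192.168.1.5   tcp    25
EOF
    unfiltered_ips "$tmp/vzlist.txt" "$tmp/rules"
    rm -rf "$tmp"
}

demo   # prints: 101 192.168.1.4
```

An address reported here falls through to the zone policy, so whether it is exposed or unreachable depends on whether that policy is ACCEPT or DROP.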
 
Is there an error somewhere?

Does something not work as expected?

- Dietmar
 
I will find out next week, as I will be going to the data center to adjust the firewall, and then I will be adding more IPs to the containers for the sites we are starting to move onto them.
 
