What is the best firewall for proxmox??

I will install it on the proxmox host itself, because I want it to be secured, too. Seems better than having it unsecured and being forced to install it on every single guest...
 
If you install it on a dedicated VM the idea is that every other VM hides behind it and the dedicated firewall VM does NAT/port forwarding to the 'internal' VMs. You certainly don't need to install it on every VM ;)
 

This also applies if you install the firewall on the HN hiding every other VM behind it?
 
Yep, *but* be careful - I did this originally (using shorewall) but every time I wanted to add a new public IP I had to restart the machine. This is less painful when it is a VM but very painful when it is the physical machine.
 

This is a very helpful and important "statement"!
Thank you!
 
Shouldn't it be OK just to trigger the shorewall script and restart iptables?
AFAIK, shorewall is just a bunch of separate config files that are put together into iptables rules by the shorewall scripts...
If I'm forced to restart the whole host I will of course put the firewall on a VM, too...
 
Is it secure to install in a VM a firewall like pfsense and use that as a gateway for the rest of the VMs?

home Router --> ProxMox (10.0.0.0)--> pfsense vm with Wan 10.0.0.2 , Lan 192.168.1.1 --> dhcp 192.168.1.0 VM1
--> dhcp 192.168.1.0 VM2
 
We are running shorewall on our hosts that have external access.
 
I mean all the VMs are on the same physical machine, which has 2 NICs: hardware-->proxmox-->pfsense-->VMs
Is it secure this way?
 
In one of our clusters, which we have remote, we are running shorewall to protect the proxmox hosts, then a virtual firewall for that network, and it is also running shorewall.
 
Thanks, I understand that.
Say that I don't use a firewall on the base proxmox, is it secure against attacks? I will only use NAT on the router/ADSL before proxmox... as I posted before.
 
Personally... there are two I recommend.

1. Vyatta
2. PfSense

Both are free - and can also run in a vm guest if required. Both are very different and suit different types of users!

Rob


 
Agree with Rob that both are fine. pfsense is easy to set up using the web interface.
Vyatta offers a lot of options as well; the free version only has a CLI, no web interface.
Both work nicely in a dedicated VM. I initially chose Vyatta because it supports the virtio network card, now I just love it ;)

coffe is right about NAT+port forwarding.

For added security, I made sure the Proxmox host doesn't use an IP address on the WAN side by setting the IP configuration to manual (not automatic/DHCP or static)
/etc/network/interfaces
Code:
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
The vmbr0 bridge is connected as the WAN interface in my Vyatta VM...
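
A check for the host-side setup in the post above, added here as an example (not code from the thread): it parses ifupdown syntax and reports any stanza that would give the host itself an address on the WAN bridge or its ports. The function names and both sample configurations are constructed for this example; the first sample is the configuration quoted above.

```python
# Constructed sample 1: the configuration quoted in the post above.
SAMPLE_OK = """\
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet manual
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
"""
# Constructed sample 2: same bridge, but the host takes a DHCP lease on it.
SAMPLE_BAD = SAMPLE_OK.replace("iface vmbr0 inet manual", "iface vmbr0 inet dhcp")

STANZA_END = ("auto", "mapping", "source", "source-directory")

def parse_ifaces(text):
    """Map interface name -> list of stanzas {"family", "method", "opts"}."""
    ifaces, opts = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):  # whole-line comments only
            continue
        if words[0] == "iface" and len(words) >= 4:
            opts = {}
            ifaces.setdefault(words[1], []).append(
                {"family": words[2], "method": words[3], "opts": opts})
        elif words[0] in STANZA_END or words[0].startswith("allow-"):
            opts = None  # these keywords close the current iface stanza
        elif opts is not None:
            # bridge_ports and bridge-ports name the same option
            opts[words[0].replace("-", "_")] = words[1:]
    return ifaces

def wan_findings(text, bridge="vmbr0"):
    """List reasons the host itself could hold an address on the WAN bridge."""
    ifaces = parse_ifaces(text)
    if bridge not in ifaces:
        return [f"{bridge}: no iface stanza found"]
    ports = [p for s in ifaces[bridge] for p in s["opts"].get("bridge_ports", [])]
    findings = []
    for name in [bridge] + ports:
        for s in ifaces.get(name, []):
            if s["method"] != "manual":
                findings.append(f"{name}: {s['family']} method is {s['method']}, not manual")
            if "address" in s["opts"]:
                findings.append(f"{name}: address {' '.join(s['opts']['address'])} configured")
    return findings

if __name__ == "__main__":
    print(wan_findings(SAMPLE_OK), wan_findings(SAMPLE_BAD))
```

An empty result covers only what the file configures. Compare it with `ip -br addr show vmbr0` on the running host, since the kernel can still autoconfigure an IPv6 link-local address on an interface that is up.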
 
