hi there
my first post here! i am a fairly new proxmox user, i chose it due to the fact that other VPS solutions were either costly or had other cons such as management interface restrictions (ESXi - Windows only management anyone?) and a variety of other reasons
i started building my first production server (well first public one anyway) last week using proxmox and debian containers for mail, web and dns.
the reason i am here is because i have searched high and low to solve my problem, i have googled, checked the wiki and everything.
there was some info provided here - http://wiki.openvz.org/Setting_up_an_iptables_firewall
but for my requirements i found the instructions a bit cryptic. so i shall describe my setup and requirements and perhaps someone can help.
i have a /29 public ip range and only one nic on the server, each of the containers and proxmox have their own IP. all the debian boxes have webmin and their own copy of csf installed to firewall each container (i have modded the vz.conf file to enable the required iptables modules). this is great for the containers
however before i sign off the server for full scale production use rather than testing i want to make sure the Host Node (proxmox) is secure, i want to set up a firewall on the HN without affecting access to the containers.
does anyone have any suggestions of their solutions on how to secure the HN in this way, even if it's just a human translation of the instructions in the link above.
ps i do understand that firewalling each container separately sounds weird, i had set these up before reading some of the openVZ articles and don't like the thought of undoing all my work on this side of things
also i assume to secure ssh and change its port i can just edit the conf file and restart the ssh service?
thoughts very much appreciated