Recent content by chrispage1

Hi Dominik, Thanks for your reply! Sure - happy to supply as much information as I can. So this has only begun since the latest update and reboot and can be replicated across nodes. This cluster has gone all the way from PVE 6 with Ceph 16 (from memory) and been upgraded up to PVE 9 with Ceph...

It wasn't a result of any issues like this was it - https://forum.proxmox.com/threads/lxc-boot-and-vzdump-failures-on-ceph-rbd-after-upgrade-fsconfig-failed-cant-lookup-blockdev-exit-code-32.183650/ ? Chris.

Ok, so after a little digging around, my Proxmox Firewall service was reporting the below: May 18 16:17:11 pve02 proxmox-firewall[5138]: error updating firewall rules: cannot execute nftables commands May 18 16:17:16 pve02 proxmox-firewall[5138]: error updating firewall rules: cannot execute...

Hi, After all of the CVE's and security disclosures over the past week or two, I thought it'd be useful to upgrade my Proxmox nodes to the latest. I recently updated everything to PVE 9 & Ceph 19 and it has been working without fault for a few weeks. Since todays package updates, I am getting...

Thanks, although this is still empty: root@pve02:~# iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt...

So nodes upgraded and rebooted, still seems to be a problem. I've cross checked the configurations across all nodes and Host > Firewall settings are exactly the same. I've run iptables -L and they are all empty.

Thanks for your reply! No, iptables is empty. I have been testing from an online port testing tool - still open at the moment. However, if I migrate it to another node, the port correctly appears closed. This server needs updating anyway so I might do this and see if we have still have the...

Hi, I'm having a bit of an odd issue. I have a Windows VM within Proxmox. I don't want port 3389 (TCP) to be open so I am trying to close it using firewall rules. At a DC level: Firewall > Options > Firewall > Yes Firewall > Options > EB Tables > yes Firewall > Options > Input Policy > yes...

Not a bad idea at all actually - it doesn't need a WAN ping does it, wasn't really thinking there! Thanks

Thanks. I did actually have that option checked however I dont think our upstreams are importing anything greater than /32. For now I'll stick with a nice simple ping. For those that might come across this in the future (perhaps even my future self!), here's what I've done in our Alpine Linux...

Thanks Stefan - I guess if I add a single outbound ping every minute, this should prevent it from ever going silent.

Hi, We've setup a VXLAN SDN with VRF and its working great, appreciate all the hard work that the Proxmox team have put in to the SDN functionality and look forward to seeing it grow! However, some of our less 'chatty' virtual machines after a while drop off of the MAC-VRF table and in-turn...

I just looked here as its a similar case. I had an obsolete alias preventing the firewall from reloading - https://forum.proxmox.com/threads/problem-with-the-vnet-firewall.157915/ journalctl -u proxmox-firewall -r Shows errors like - Mar 11 10:57:13 node0-pmx-thn proxmox-firewall[5493]: error...

Hi, I've got two virtual machines in the same VNET and I can't seem to establish any firewalling between the two. They are on an EVPN/VXLAN setup. I've got a zone with two IP ranges - 192.168.1.0/24 and 10.20.34.0/24 I want to block interaction between the two. I've setup a security group at...

Thanks - would be great to see soon! An absolute hack, but may be useful for someone... This can actually be achieved by creating a script that will retrospectively update the path mapping. We can then use systemd to watch for frr changes and retrospectively update the peering priorities. To...