Recent content by LeeS

Spoke too soon. It's died again. :(

dist-upgrade done. Versions now: root@proxmox0:~# pveversion -vproxmox-ve: 4.0-22 (running kernel: 4.2.3-2-pve) pve-manager: 4.0-57 (running version: 4.0-57/cc7c2b53) pve-kernel-4.2.2-1-pve: 4.2.2-16 pve-kernel-4.2.3-2-pve: 4.2.3-22 lvm2: 2.02.116-pve1 corosync-pve: 2.3.5-1 libqb0: 0.17.2-1...

Tom, sorry for the slow reply, I was driving home. Thank you for at least confirming that nothing 'major' has changed and what I thought should happen, should happen! I've been suspecting the bond interface for a couple of those 4 hours of head-banging, but quite what laid my suspicion on it I...

Think I might be having the same issue, potentially. http://forum.proxmox.com/threads/24720-Proxmox-4-KVM-Network-Connectivity-issues ?

I volunteer for a small charity that provides hospital radio, and I'm in the process of upgrading their infrastructure to something more this decade than last. I'm coming from relatively good experience on PVE <= 3.4, but 4.0 seems to be beating me. This should "just work"? But it doesn't... and...

I cannot argue there. But a few kb for added security isn't necessarily a waste. Let me know if I can help with any ideas you come up with?

The simplicity of the cluster firewall model was the driving force, really. It's an excellent way to do something once, and protect everything. I don't disagree that there is probably a better way though. I'm not fussed about the future of my idea as a standalone. What I want is for PVE to be...

It would certainly make more sense for it to be included internally. MAFIA was just a product of "there's not an easy way to do this. Yet." In todays multi-dozen-gigabyte RAM world though, a few hundred kb dedicated to firewall rules isn't a huge problem? Just thinking out loud here. You guys...

I hit the limit while including more sources for testing MAFIA (an automated blacklist firewall manager for proxmox - see this thread for details). It can be managed for now by just not activating all sources, but if another way can be achieved with either a higher limit - or a different/better...

Thank you Dietmar. Can this be increased? Either per cluster, or generally in the next release?

Is there an arbitrary filesize limit applied to Proxmox firewall rules? I seem to have hit it today? Can this be increased? Thanks!

Not at all. The VPN will put you securely 'in' the private network. You can then access all 5 servers in the cluster, as if you were on the same physical private LAN. You don't need to order any more public IP addresses. Your 5 servers all have private IP's, and the VPN will (subject to correct...

That's what MASQUERADE does. You want to look up DNAT instead. I don't have an exact example for proxmox but something like this will give you a start: /sbin/iptables -t nat -A PREROUTING -p tcp -d {$PUBLICADDRESS} --dport 80 -j DNAT --to {$WEBSERVER}:80