Tom, sorry for the slow reply, I was driving home. Thank you for at least confirming that nothing 'major' has changed and what I thought should happen, should happen! I've been suspecting the bond interface for a couple of those 4 hours of head-banging, but quite what laid my suspicion on it I...
I volunteer for a small charity that provides hospital radio, and I'm in the process of upgrading their infrastructure to something more this decade than last. I'm coming from relatively good experience on PVE <= 3.4, but 4.0 seems to be beating me. This should "just work"? But it doesn't... and...
The simplicity of the cluster firewall model was the driving force, really. It's an excellent way to do something once, and protect everything. I don't disagree that there is probably a better way though.
I'm not fussed about the future of my idea as a standalone. What I want is for PVE to be...
It would certainly make more sense for it to be included internally. MAFIA was just a product of "there's not an easy way to do this. Yet."
In today's multi-dozen-gigabyte RAM world though, a few hundred kb dedicated to firewall rules isn't a huge problem? Just thinking out loud here. You guys...
I hit the limit while including more sources for testing MAFIA (an automated blacklist firewall manager for Proxmox - see this thread for details). It can be managed for now by just not activating all sources, but if another way can be achieved with either a higher limit - or a different/better...
Not at all. The VPN will put you securely 'in' the private network. You can then access all 5 servers in the cluster, as if you were on the same physical private LAN. You don't need to order any more public IP addresses. Your 5 servers all have private IPs, and the VPN will (subject to correct...
That's what MASQUERADE does.
You want to look up DNAT instead. I don't have an exact example for Proxmox but something like this will give you a start:
/sbin/iptables -t nat -A PREROUTING -p tcp -d ${PUBLICADDRESS} --dport 80 -j DNAT --to ${WEBSERVER}:80
If I were you in that scenario, I would forward some ports on the one IP you have to a VPN (either a real hardware one, or a VM/CT in the cluster). You can then connect to that from the outside world and get a local IP. From there, you can access the cluster as if you were local.
The...