If I do a pveversion -v, I get:
proxmox-ve-2.6.32: 3.4-156 (running kernel: 2.6.32-39-pve)
but if I do an apt-get upgrade, I get:
The following packages will be upgraded:
proxmox-ve-2.6.32 pve-cluster pve-kernel-2.6.32-39-pve
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded...
I see, so "pve-firewall localnet" will show the networks on which the firewall policy will allow access.
If I set the policy at the Datacentre level to in/out "accept", I assume that will mean I will need to add a default "drop" policy at the end of the rules for my VM, is that right?
In theory, yes (although iptables defaults to ACCEPT, as anyone who's been curious to run sudo iptables -L on an configured system will know).
My point is that in practice for Proxmox, what on earth is the point of having a default that prevents you from accessing the very system that controls...
I'm using PVE 3.4-6
I'd like to firewall off all ports that I don't need on a couple of VMs. Looking at https://pve.proxmox.com/wiki/Proxmox_VE_Firewall, I think (but I'm not sure) that I need to add rules to enable the PVE admin UI and ssh first though.
So I've set up a security group called...
OK thanks. I might politely suggest some edits to the wiki page in that case, because frankly it's dangerously misleading at the moment.
BTW is there some reason why rules for the proxmox admin ports aren't in place by default in the datacenter settings? It just seems like a disaster waiting...
OK so this is something that I am trying to understand too.
I'm using PVE 3.4 and reading https://pve.proxmox.com/wiki/Proxmox_VE_Firewall
Before I do anything with the firewall, I need to make ABSOLUTELY SURE I understand what the following means, because for something so important, it's...
If apt-get currently shows that:
The following packages have been kept back:
proxmox-ve-2.6.32
While pveversion -v shows:
proxmox-ve-2.6.32: 3.4-150 (running kernel: 2.6.32-37-pve)
pve-manager: 3.4-6 (running version: 3.4-6/102d4547)
pve-kernel-2.6.32-32-pve: 2.6.32-136...
I'm a newbie to KVM, but have been running Proxmox for a few months without any problems - in fact the more I realise how awesome Proxmox is, the more I'm in awe of the developers!
However, I've just had what appeared to me to be some kind of hardware failure on the host. My VMs were reporting...
After looking at the updates tab of my host, I see the following are in need of upgrading. Do I need to reboot the host afterwards? I'm also a little wary of doing this via the web GUI after what happened last time...
dpkg
libldap-2.4-2
libnvpair1
libpve-storage-perl
libssl1.0.0
libuutil1...
Re: How to NAT LAN to WAN?
Wow - thanks rootkid!
Unfortunately, this doesn't NAT the packets coming from my guest's NIC attached to the LAN. But at least it removes some entropy from things.
Using PVE 3.4 I'm trying to block all traffic to/from IP addresses on a specific VM on its eth0 (it has a number of IPs on that NIC), apart from one IP address that needs to be allowed (for all ports).
I'm putting the following in /etc/pve/firewall/<vmid>.fw
[OPTIONS]
enable: 1
policy_out...
Re: How to NAT LAN to WAN?
Thanks for working this through. I too have since tried various permutations, but without success.
I notice that the docs on this show eth0 being used as the output interface and not vmbr0 (https://pve.proxmox.com/wiki/Network_Model#Masquerading_.28NAT.29)
iptables...
Re: How to NAT LAN to WAN?
@rootkid Maybe best to put those lines in files in /etc/network/if-up.d and if-post-down.d accordingly?
Meanwhile, I've just tried getting all this to work, but it's not happening :-(
I think I need to add the appropriate routes for each interface on the guest. At...
Re: How to NAT LAN to WAN?
Thanks - I assume ip_forward needs to be on for the NAT to work, or do you mean I just need to check that it has in fact been set to one?
Re: How to NAT LAN to WAN?
Yes, so essentially have a private network available for things like rsync-ing between VMs, but to also allow those VMs to have separate public IP addresses.
This is in fact working like that right now (the VMs can all ping each other on their LAN interfaces), but...
Re: How to NAT LAN to WAN?
Hi - thanks for this! brctl show says:
bridge name     bridge id               STP enabled     interfaces
vmbr0           8000.549f3517ee74       no              eth0
                                                        tap100i0
                                                        tap101i0
vmbr1           8000.fef17c1ba4ca       no...