Search results

  1. Network trouble with Hetzner subnet

    I'd still say there is something weird going on with IPv6 now. Strangely, for IPv4, I see the logs in the VM -> Firewall -> Logs. But for IPv6, even though I added the Security Group Rule and associated it with "net0" on the VM, I see "allow-ping-in" in the Host Logs, *not* in the VM (like I...
  2. Hetzner IPv6 /64 Subnetz routing zu pfSense

    I'm very new to IPv6, but if you want the LAN Interface to "track" the WAN Interface with Regards to IPV6 and maybe want to do Prefix Delegation (IPv6-PD), according to my understanding the minimum size of delegation available needs to be /64. If you use One IP Address for the Proxmox Host and...
  3. Network trouble with Hetzner subnet

    I didn't really make much progress. I'm trying to play with the Proxmox Firewall, but it's really tricky, as some stuff is not logged no matter what. I tried to "force" that behavior by adding some Catch-All "DROP" Rules for Inbound & Outbound, but it brings more questions than it answers. It...
  4. Network trouble with Hetzner subnet

    Maybe the only Option is to order an additional NIC and LAN (WAN) Connection for roughly 5 EUR Extra per Month in Total, then setup PCIe Passthrough in Proxmox VE to pass the NIC directly to OPNSense...
  5. Network trouble with Hetzner subnet

    I know how you are thinking. I thought the same. VM NIC was set to the correct MAC. Sniffing with TCPdump showed that the "Abuse MAC" were linked to an address within that /26 Subnet, but NOT my Servers- One of my "Neighbors" so to speak. Yet, Hetzner sent me several MAC Abuse Emails as well...
  6. Network trouble with Hetzner subnet

    It should be quite straightforward. But with all the MAC Abuse Emails that I got (and many other people got ... just look at e.g. Reddit) I don't know what to think :rolleyes: . You are however using Containers you said ? I wonder if that makes a difference (since you don't have an "extra"...
  7. Network trouble with Hetzner subnet

    Thank you for your reply. I was leaning towards either a sysctl setting, but maybe it's just the Proxmox VE Firewall and their "Security Group Policies" defined on Datacenter Level, applied on VM Level, yet ONLY showing on NODE level, without ANY indication whether the traffic was DROPPED or...
  8. PVE Firewall Datacenter Security Groups and Impossible to understand Logs !

    I really like the Proxmox VE Product. However I am getting at my wits' end with regards to the Firewall Logging Capability. It might as well be Chinese :( . Some Traffic to/from the OPNSense VM works (e.g. from my Home pinging Proxmox Host AND OPNSense VM works correctly), same from Proxmox VE...
  9. Network trouble with Hetzner subnet

    I'm getting crazy with this. Lost yet another day and it's nowhere closer to working reliably. I can openvpn into the OPNSense VM just fine, but other than that, nothing seems to work. Ping from OPNSense to Outside world is completely broken, so is traceroute etc. I also disabled Proxmox...
  10. Network trouble with Hetzner subnet

    But I just discovered something weird with my OPNSense VM. For some reason: I cannot update OPNSense anymore From OPNSense I cannot Ping "OUT" to e.g. Google DNS Servers 8.8.8.8 (I have a Uptime-Kuma instance at Home, and Ping "IN" works correctly) Node -> OPNSense VM -> Firewall -> Log only...
  11. Network trouble with Hetzner subnet

    No that's just the primary IP Configuration. Setup was done according to Hetzner own Documentation: https://docs.hetzner.com/robot/dedicated-server/network/net-config-debian-ubuntu/#ipv4
  12. Network trouble with Hetzner subnet

    Sure. Relevant Part (excluded are the DMZ Zones which will be managed by OPNSense) and of course redacted IP for Privacy. auto lo iface lo inet loopback # Disabled the "auto" Part #auto eth0 iface eth0 inet manual auto vmbr0 iface vmbr0 inet static hwaddress XXXXXXXXXXXXXX address...
  13. Network trouble with Hetzner subnet

    Well, with all due respect, that is "his/her Problem" and/or (most likely) some weird Stuff going on on the part of Hetzner. Personally I don't want that they take my Server Down because their Server (plus possibly my Server) was badly configured. Would you accept that ? And, at the same time...
  14. Network trouble with Hetzner subnet

    Not sure if it helps, but you might want to check my reply and @Undergrid Firewall Rule. In my case the First Abuse was originally automatically solved, just to come back a few days later + manual Reply saying that they would block my server within a few hours if the Problem was not solved...
  15. Network trouble with Hetzner subnet

    So I also added your rule (see my EDIT 3 ... I had to create a Rule Set "NOT MY IPs" with "nomatch" enabled. Too bad we cannot do this when creating the Firewall Rule, like I could e.g. with OPNSense ("Invert the sense of the Match"), as then I need to create "MY PUBLIC IPs", "NOT MY PUBLIC...
  16. Network trouble with Hetzner subnet

    I have bridged networking as well ... Good point, I'll also add that rule :) . EDIT 1: and Hetzner again complained that I did not reply to their automatic request (because when I clicked they stated that the ticket was already closed). Doesn't make sense ... EDIT 2: how did you "Invert...
  17. Network trouble with Hetzner subnet

    So ... I got yet another MAC Abuse warning, this time coupled by a human response, after I inquired about what was going on, since the IP Address related to those MAC Addresses were NOT mine. They told me that the Server could be locked down in a few hours and to contact Customer Support if...
  18. Network trouble with Hetzner subnet

    I'm on the latest and greatest Proxmox VE 8.2.2. The only thing I did to try to improve the situation AFTER this Abuse Alert was to add this to /etc/sysctl.d/99-hetzner.conf: # Ignore ICMP echo packets sent to a broadcast address. net.ipv4.icmp_echo_ignore_broadcasts=1 # This setting avoids...
  19. Network trouble with Hetzner subnet

    I also just received an Abuse message. But when running `tcpdump -en | grep -i <mac-address-they-say-its-not-allowed>` I get the IP Address of ANOTHER Hetzner Server, NOT Mine ! Did they send the Abuse message to everybody in the /26 Subnet (I have a single IP Address) ?
  20. io-error on all VMs - Storage Full (ZFS Pool 0B free)

    Yeah but I'd rather not replace the disks if it's not really needed. It's also $$$. It's not like it was "real" used space. It was probably caused by ZFS doing snapshots on top of snapshots or compression on top of compression. Do you think there are other features I should disable on the ZFS...