Search results

  1. S

    Proxmox generate 2 mac address visibile on the switch not allowed by the data center

    On another Note, as soon as I enable "Outbound NAT" on OPNSense using one of the Additional IPv4 Addresses, everything breaks down :rolleyes: . It seems Inbound (Port-forwarding) NAT works correctly with the Additional IPs (configured in OPNSense -> Interfaces -> Virtual IPs), but for Outbound...
  2. S

    ZFS root booting to busybox, but no displayed command, message or error?

    I have this ... cat /etc/default/grub.d/zfs.cfg GRUB_CMDLINE_LINUX="${GRUB_CMDLINE_LINUX} root=ZFS=\"rpool/ROOT/debian\"" GRUB_CMDLINE_LINUX_DEFAULT="${GRUB_CMDLINE_LINUX_DEFAULT} root=ZFS=\"rpool/ROOT/debian\"" Optionally you could also add these (I add to each line) in case of a headless...
  3. S

    Proxmox VE 8.2.2 - High IO delay

    I am observing some very high (>40%, sometimes 80%) IO Delay on Proxmox VE 8.2.2 with pve-no-subscription Repository. Looking at some Posts over this Forum, this may be due to not using Enterprise-Grade SSD, although to be honest I don't necessarily "buy" this justification. I am using Crucial...
  4. S

    Proxmox generate 2 mac address visibile on the switch not allowed by the data center

    As I said, unfortunately, with Hetzner at least, this does NOT seem to be sufficient :rolleyes: . I'm starting to wonder if I should transition to a Brouter / Routed setup and avoid all of these Issues with IPv4 Single IPs, just like I am doing with IPv6, although I am not sure if I can do it...
  5. S

    Proxmox generate 2 mac address visibile on the switch not allowed by the data center

    So you agree that the problem is NOT fixed by: bridge-disable-mac-learning 1 any of my sysctl Configuration any of the other Linux Bridge Options such as bridge-unicast-flood off bridge-multicast-flood off bridge-vlan-aware yes bridge-vids 2-4096 manually disabling unicast flooding...
  6. S

    Proxmox generate 2 mac address visibile on the switch not allowed by the data center

    Besides the fact that the ipset with the nomatch didn't appear to work correctly (at least for me), what feels wrong is that we filter on the IPv4 Level, rather than MAC Address. Then again it's true that I cannot really filter by MAC Address since apparently I am marked as the destination MAC...
  7. S

    Proxmox generate 2 mac address visibile on the switch not allowed by the data center

    I originally tried that but I think it was not behaving correctly. Maybe a OR(NOT(A) , NOT(B)) not working as expected and not being equivalent to NOT(A OR B), when you do your ipset or something like that.
  8. S

    Proxmox generate 2 mac address visibile on the switch not allowed by the data center

    I also have that implemented (and disabled multicast flood & unicast flood). I also tried to use "port isolation" for the member of a Bridge, that also does NOT solve this issue. Neither does ebtables rules (because actually the traffic is addressed to my MAC but NOT my IP - weird stuff at...
  9. S

    Proxmox generate 2 mac address visibile on the switch not allowed by the data center

    Same experience here ... The main Fix (besides changing a bunch of sysctl, disable mac bridge learning & unicast/multicast flood in bridge settings) was to add a Firewall Rule to Drop Incoming traffic with Destination = NOT_MY_IPs. Unfortunately I did NOT find an easy way to Invert the sense...
  10. S

    Network trouble with Hetzner subnet

    I'd still say there is something weird going on with IPv6 now. Strangely, for IPv4, I see the logs in the VM -> Firewall -> Logs- But for IPv6, even though I added the Security Group Rule and associated it with "net0" on the VM, I see "allow-ping-in" in the Host Logs, *not* in the VM (like I...
  11. S

    Hetzner IPv6 /64 subnet routing to pfSense

    I'm very new to IPv6, but if you want the LAN Interface to "track" the WAN Interface with Regards to IPV6 and maybe want to do Prefix Delegation (IPv6-PD), according to my understanding the minimum size of delegation available needs to be /64. If you use One IP Address for the Proxmox Host and...
  12. S

    Network trouble with Hetzner subnet

    I didn't really make much progress. I'm trying to play with the Proxmox Firewall, but it's really tricky, as some stuff is not logged no matter what. I tried to "force" that behavior by adding some Catch-All "DROP" Rules for Inbound & Outbound, but it brings more questions than it answers. It...
  13. S

    Network trouble with Hetzner subnet

    Maybe the only Option is to order an additional NIC and LAN (WAN) Connection for roughly 5 EUR Extra per Month in Total, then setup PCIe Passthrough in Proxmox VE to pass the NIC directly to OPNSense...
  14. S

    Network trouble with Hetzner subnet

    I know how you are thinking. I thought the same. VM NIC was set to the correct MAC. Sniffing with TCPdump showed that the "Abuse MAC" were linked to an address within that /26 Subnet, but NOT my Servers- One of my "Neighbors" so to speak. Yet, Hetzner sent me several MAC Abuse Emails as well...
  15. S

    Network trouble with Hetzner subnet

    It should be quite straight forward. But with all the MAC Abuse Emails that I got (and many other people got ... just look at e.g. Reddit) I don't know what to think :rolleyes: . You are however using Containers you said ? I wonder if that makes a difference (since you don't have an "extra"...
  16. S

    Network trouble with Hetzner subnet

    Thank you for your reply. I was leaning towards either a sysctl setting, but maybe it's just the Proxmox VE Firewall and their "Security Group Policies" defined on Datacenter Level, applied on VM Level, yet ONLY showing on NODE level, without ANY indication whether the traffic was DROPPED or...
  17. S

    PVE Firewall Datacenter Security Groups and Impossible to understand Logs !

    I really like the Proxmox VE Product. However I am getting at my wits end with regards to the Firewall Logging Capability. It might as well be Chinese :( . Some Traffic to/from the OPNSense VM works (e.g. from my Home pinging Proxmox Host AND OPNSense VM works correctly), same from Proxmox VE...
  18. S

    Network trouble with Hetzner subnet

    I'm getting crazy with this. Lost yet another day and it's nowhere closer to working reliably. I can openvpn into the OPNSense VM just fine, but other than that, nothing seems to work. Ping from OPNSense to Outside world is completely broken, so is traceroute etc. I also disabled Proxmox...
  19. S

    Network trouble with Hetzner subnet

    But I just discovered something weird with my OPNSense VM. For some reason: I cannot update OPNSense anymore From OPNSense I cannot Ping "OUT" to e.g. Google DNS Servers 8.8.8.8 (I have a Uptime-Kuma instance at Home, and Ping "IN" works correctly) Node -> OPNSense VM -> Firewall -> Log only...
  20. S

    Network trouble with Hetzner subnet

    No that's just the primary IP Configuration. Setup was done according to Hetzner own Documentation: https://docs.hetzner.com/robot/dedicated-server/network/net-config-debian-ubuntu/#ipv4