Search results

  1. M

    [SOLVED] Block outbound connection from VM not working

    Rules have been moved to network configuration ;)
  2. M

    [SOLVED] Block outbound connection from VM not working

    -A POSTROUTING -s 10.1.0.0/24 ! -d 10.1.0.0/24 -o enp5s0 -j MASQUERADE .. is set by crontab at boot (I know, it's not very clean). I modified the vmbr0 configuration by removing the public IP, removed the destination exclusion on the iptables NAT rules, and got the same result. I re-read the doc and...
  3. M

    [SOLVED] Block outbound connection from VM not working

    on vm112 # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug ens18 iface ens18 inet static address 10.1.0.112 netmask 255.255.255.0 gateway 10.1.0.2 iface ens18 inet6 dhcp And no iptables rules On the node...
  4. M

    [SOLVED] Block outbound connection from VM not working

    I must have messed up the test .. with the rule enabled I don't have any tcpdump trace when pinging 1.1.1.1. For 8.8.8.8, I still only get icmp echo request and no reply. It works for other VMs on the same cluster, even on the same node. I found the only difference between them and VM112. It...
  5. M

    [SOLVED] Block outbound connection from VM not working

    Strange thing, the same rule on the other node of my cluster works. I'm quite lost on this one ... edit : and it's working on another vm on the same node as 112 ... o_O
  6. M

    [SOLVED] Block outbound connection from VM not working

    With firewall enabled (and MAC filtering disabled). For vmbr1 and enp5s0, results are the same : ping 1.1.1.1 from VM tcpdump -i enp5s0 icmp tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on enp5s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes...
  7. M

    [SOLVED] Block outbound connection from VM not working

    112.fw : [OPTIONS] enable: 1 policy_out: ACCEPT policy_in: ACCEPT [ALIASES] cloudflaredns 1.1.1.1 [RULES] OUT DROP -dest 1.1.1.1 -p icmp -log nolog -icmp-type any cluster.fw [OPTIONS] enable: 1 policy_in: ACCEPT log_ratelimit: burst=5,enable=1,rate=1/second [ALIASES] cloudflareDNS...
  8. M

    [SOLVED] Block outbound connection from VM not working

    Well, not so fast for me .. @Chris, sorry :) Firewalled interface works but it also blocks all outbound traffic (output policy on the VM & Datacenter is set to ACCEPT) In the log I can see the dropped packet for icmp 1.1.1.1, but no log for other requests. If I set my rule to ACCEPT, I still can't...
  9. M

    [SOLVED] Block outbound connection from VM not working

    Ok found it .. I haven't checked "firewall" on the VM network interface ... Sorry !
  10. M

    [SOLVED] Block outbound connection from VM not working

    Thank you for the quick reply. However, 2 things: I don't have a chain named "tap112i0-OUT" Even with your rules and a reboot of the VM, I can still ping 1.1.1.1 Could it be linked to my IP forwarding rules on the node? (the VM has only a local IP, and everything is routed through the node with...
  11. M

    [SOLVED] Block outbound connection from VM not working

    Hi, I'm trying to block some simple outbound traffic from a specific VM. Firewall is enabled on the datacenter level, on the node level and on the VM level (name "hub", ip "10.1.0.112"). I'm trying to block icmp to 1.1.1.1. root@marvin:/etc/pve/firewall# cat 112.fw [OPTIONS] ipfilter: 1 enable...
  12. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    Reboot this morning, everything is working ;) Linux jarvis 5.15.35-1-pve
  13. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    #proxmox-boot-tool status Re-executing '/usr/sbin/proxmox-boot-tool' in new private mount namespace.. System currently booted with legacy bios FEE5-D6E7 is configured with: uefi (versions: ), grub (versions: 5.13.19-6-pve, 5.15.30-2-pve) FEE6-D626 is configured with: uefi (versions: ), grub...
  14. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    I used this one : - I assume that the system is booted and always will remain booting with legacy bios and not UEFI: - mount each of the ESPs manually - in the mountpoint remove e.g. for kernel 5.4.103-1-pve: - remove /mountpoint/EFI/proxmox/5.4.103-1-pve - remove...
  15. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    I'm a little lost on this boot-mode .. sorry. I don't remember changing the boot-mode, but I do remember that on migration from pve 6 to 7, I did some checks with proxmox-boot-tool. efibootmgr -v EFI variables are not supported on this system. So, I'm using legacy mode, right? but with...
  16. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    I think I should follow this thread: https://forum.proxmox.com/threads/dpkg-hanging-when-upgrading-pve-kernel.95077/#post-412898 But I have 3 NVMe disks in a ZFS raidz configuration: nvme2n1 259:0 0 476.9G 0 disk ├─nvme2n1p1 259:1 0 1007K 0 part ├─nvme2n1p2 259:2 0 512M 0...
  17. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    Didn't work, and I think I broke something : apt remove --purge pve-kernel-5.11.22-1-pve Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages will be REMOVED: pve-kernel-5.11.22-1-pve 0 upgraded, 0 newly installed, 1 to remove...
  18. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    Hi, Usual upgrade today, to "Setting up pve-kernel-5.15.30-2-pve". Unusual answer from Proxmox: Setting up pve-kernel-5.15.30-2-pve (5.15.30-3) ... Examining /etc/kernel/postinst.d. run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 5.15.30-2-pve /boot/vmlinuz-5.15.30-2-pve run-parts...
  19. M

    [SOLVED] Last "apt dist-upgrade" wants to remove proxmox-pve

    Indeed. apt remove linux-image-amd64 linux-libc-dev It did the job, thanks!
  20. M

    [SOLVED] Last "apt dist-upgrade" wants to remove proxmox-pve

    The topic title has been deliberately shortened, I usually run apt update && apt dist-upgrade. So, how could I prevent the removal of proxmox-ve and pve-firmware?