Search results

  1. M

    [SOLVED] Block outbound connection from VM not working

    Rules have been moved to network configuration ;)
  2. M

    [SOLVED] Block outbound connection from VM not working

    -A POSTROUTING -s 10.1.0.0/24 ! -d 10.1.0.0/24 -o enp5s0 -j MASQUERADE .. is set by crontab at boot (i know, it's not very clean). I modify the vmbr0 configuration by removing the public ip, removed the destination exclusion on iptables nat rules, and got the same result. I re-read the doc and...
  3. M

    [SOLVED] Block outbound connection from VM not working

    on vm112 # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug ens18 iface ens18 inet static address 10.1.0.112 netmask 255.255.255.0 gateway 10.1.0.2 iface ens18 inet6 dhcp An no iptables rules On the node...
  4. M

    [SOLVED] Block outbound connection from VM not working

    I must have messed up the test .. with the rule enabled I don't have any tcpdump trace when pinging 1.1.1.1. For 8.8.8.8, I still only get icmp echo request and no reply. It works for other vm on the same cluster even the same node. I find the only difference between them and VM112. It...
  5. M

    [SOLVED] Block outbound connection from VM not working

    Strange thing, the same rule on the other node of my cluster works. I'm quite lost on this one ... edit : and it's working on another vm on the same node as 112 ... o_O
  6. M

    [SOLVED] Block outbound connection from VM not working

    With firewall enabled (and MAC filtering disabled). For vmbr1 and enp5s0, results are the same : ping 1.1.1.1 from VM tcpdump -i enp5s0 icmp tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on enp5s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes...
  7. M

    [SOLVED] Block outbound connection from VM not working

    112.fw : [OPTIONS] enable: 1 policy_out: ACCEPT policy_in: ACCEPT [ALIASES] cloudflaredns 1.1.1.1 [RULES] OUT DROP -dest 1.1.1.1 -p icmp -log nolog -icmp-type any cluster.fw [OPTIONS] enable: 1 policy_in: ACCEPT log_ratelimit: burst=5,enable=1,rate=1/second [ALIASES] cloudflareDNS...
  8. M

    [SOLVED] Block outbound connection from VM not working

    well not so fast for me .. @Chris, sorry :) Firewalled interface works but it also block all outbound traffic (output policy on the VM & Datacenter is set to ACCEPT) In the log I can see the drop packet for icmp 1.1.1.1, but no log for other requests. If I set my rule ACCEPT, i still can't...
  9. M

    [SOLVED] Block outbound connection from VM not working

    Ok found it .. I haven't checked "firewall" on the VM network interface ... Sorry !
  10. M

    [SOLVED] Block outbound connection from VM not working

    thank you for the quick reply. However 2 things : I don't have chain named "tap112i0-OUT" Even with your rules and a reboot of the vm, I can still ping 1.1.1.1 Could it be link to my ip forwarding rules on the node ? (vm has only a local ip, and everything is routed throught the node with...
  11. M

    [SOLVED] Block outbound connection from VM not working

    Hi I'm trying to block some simple outbound traffic from a specific VM. Firewall is enable on the datacenter lever, on the node level and on the VM level (name "hub", ip "10.1.0.112"). I'm trying to block icmp to 1.1.1.1. root@marvin:/etc/pve/firewall# cat 112.fw [OPTIONS] ipfilter: 1 enable...
  12. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    Reboot this morning, everything is working ;) Linux jarvis 5.15.35-1-pve
  13. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    #proxmox-boot-tool status Re-executing '/usr/sbin/proxmox-boot-tool' in new private mount namespace.. System currently booted with legacy bios FEE5-D6E7 is configured with: uefi (versions: ), grub (versions: 5.13.19-6-pve, 5.15.30-2-pve) FEE6-D626 is configured with: uefi (versions: ), grub...
  14. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    I used this one : - I assume that the system is booted and always will remain booting with legacy bios and not UEFI: - mount each of the ESPs manually - in the mountpoint remove e.g. for kernel 5.4.103-1-pve: - remove /mountpoint/EFI/proxmox/5.4.103-1-pve - remove...
  15. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    I'm a little lost on this boot-mode .. sorry. I don't remember changing the boot-mode, but i do remember that on migration between pve 6 to 7, I did some checks with proxmox-boot-tool. efibootmgr -v EFI variables are not supported on this system. So, i'm using legacy mode, right ? but with...
  16. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    I think I should follow this thread : https://forum.proxmox.com/threads/dpkg-hanging-when-upgrading-pve-kernel.95077/#post-412898 But, I have 3 nvme disk on a zfs raidz configuration: nvme2n1 259:0 0 476.9G 0 disk ├─nvme2n1p1 259:1 0 1007K 0 part ├─nvme2n1p2 259:2 0 512M 0...
  17. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    Didn't work, and I think I broke something : apt remove --purge pve-kernel-5.11.22-1-pve Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages will be REMOVED: pve-kernel-5.11.22-1-pve 0 upgraded, 0 newly installed, 1 to remove...
  18. M

    [SOLVED] Unable to upgrade to new kernel: no space left on device - but df says otherwise

    Hi Usual upgrade today, to "Setting up pve-kernel-5.15.30-2-pve". Unsual answer from proxmox Setting up pve-kernel-5.15.30-2-pve (5.15.30-3) ... Examining /etc/kernel/postinst.d. run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 5.15.30-2-pve /boot/vmlinuz-5.15.30-2-pve run-parts...
  19. M

    [SOLVED] Last "apt dist-upgrade" wants to remove proxmox-pve

    indeed. apt remove linux-image-amd64 linux-libc-dev It did the job, thanks !
  20. M

    [SOLVED] Last "apt dist-upgrade" wants to remove proxmox-pve

    The topic title has been deliberately shortened, I usually run apt update && apt dist-upgrade. So, how could I prevent the removal of proxmox-ve and pve-firmware ?

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!