Search results

Spoke too soon. It's died again. :(

dist-upgrade done. Versions now: root@proxmox0:~# pveversion -vproxmox-ve: 4.0-22 (running kernel: 4.2.3-2-pve) pve-manager: 4.0-57 (running version: 4.0-57/cc7c2b53) pve-kernel-4.2.2-1-pve: 4.2.2-16 pve-kernel-4.2.3-2-pve: 4.2.3-22 lvm2: 2.02.116-pve1 corosync-pve: 2.3.5-1 libqb0: 0.17.2-1...

Tom, sorry for the slow reply, I was driving home. Thank you for at least confirming that nothing 'major' has changed and what I thought should happen, should happen! I've been suspecting the bond interface for a couple of those 4 hours of head-banging, but quite what laid my suspicion on it I...

Think I might be having the same issue, potentially. http://forum.proxmox.com/threads/24720-Proxmox-4-KVM-Network-Connectivity-issues ?

I volunteer for a small charity that provides hospital radio, and I'm in the process of upgrading their infrastructure to something more this decade than last. I'm coming from relatively good experience on PVE <= 3.4, but 4.0 seems to be beating me. This should "just work"? But it doesn't... and...

I cannot argue there. But a few kb for added security isn't necessarily a waste. Let me know if I can help with any ideas you come up with?

The simplicity of the cluster firewall model was the driving force, really. It's an excellent way to do something once, and protect everything. I don't disagree that there is probably a better way though. I'm not fussed about the future of my idea as a standalone. What I want is for PVE to be...

It would certainly make more sense for it to be included internally. MAFIA was just a product of "there's not an easy way to do this. Yet." In todays multi-dozen-gigabyte RAM world though, a few hundred kb dedicated to firewall rules isn't a huge problem? Just thinking out loud here. You guys...

I hit the limit while including more sources for testing MAFIA (an automated blacklist firewall manager for proxmox - see this thread for details). It can be managed for now by just not activating all sources, but if another way can be achieved with either a higher limit - or a different/better...

Thank you Dietmar. Can this be increased? Either per cluster, or generally in the next release?

Is there an arbitrary filesize limit applied to Proxmox firewall rules? I seem to have hit it today? Can this be increased? Thanks!

Not at all. The VPN will put you securely 'in' the private network. You can then access all 5 servers in the cluster, as if you were on the same physical private LAN. You don't need to order any more public IP addresses. Your 5 servers all have private IP's, and the VPN will (subject to correct...

That's what MASQUERADE does. You want to look up DNAT instead. I don't have an exact example for proxmox but something like this will give you a start: /sbin/iptables -t nat -A PREROUTING -p tcp -d {$PUBLICADDRESS} --dport 80 -j DNAT --to {$WEBSERVER}:80

If I were you in that scenario, I would forward some ports on the one IP you have to a VPN (either a real hardware one, or a VM/CT in the cluster). You can then connect to that from the outside world and get a local IP. From there, you can access the cluster as if you were local. The...

version 0.4 released. Now includes script to automatically expire firewall entries based on age and the OpenBL delisted file.

Hello :D Firstly a big thank you to the Proxmox team for PVE. I have been using it in anger for several years now and it just keeps getting better and better. Life feels complete now that it has an integrated firewall! My inbound rules are very tight for all VMs/CTs within my cluster, but this...

Proxmox 3.1 dist-upgraded over time to 3.4 (pve-manager/3.4-3/2fc72fee (running kernel: 2.6.32-37-pve) I have finally taken the plunge with a free afternoon, and set up IP Sets, Security Groups, and Rules (in 'Datacenter' view). 2-host cluster, one simply a warm spare of the other. This will...