firewall

Staging the problem. Use case: I want to keep ip address based firewall enabled on a VM nic, aka firewall=1, but since this nic is running VRRP Virtual IP it uses spoofed macs, so I need macfilter=0. When i manually edit the VMID.conf file and append macfilter=0 to the nic everything works as...

Hi all, Current running a 3 node cluster with version 8.2.4, for what I can see its running iptables and not nftables. We wish to lock down our individual nodes or a cluster as a whole using GeoIP rule IPsets, and using the GUI for this is not an option (We are using the cluster/Node/VM built...

Hallo Zusammen, ich muss den Zugriff auf mehrere VMs auf einem Proxmox Host übers Internet freischalten. Als Firewall ist eine OPNsense auf einer eigenen Hardware im Einsatz. Außerdem soll ein Reverse Proxy auf dern OPNsense eingerichtet werden. Vlans sind auch im Einsatz und werden noch...

I've got a working 6 nodes stretched Proxmox VE9.1 + Ceph cluster, with hosts split over two datacenters (3 in each). In a third datacenter I've got a Proxmox VE 9.1 virtual machine (on vsphere) which acts as proxmox + ceph tie-breaker. Each host has 4x25 Gbits/s interfaces in LACP bond defined...

Apologize if this is a dumb or often asked question, I'm just now experimenting with Proxmox firewalls. I noticed that if I enable a rule on a VM firewall that, say, allows ICMP, I'm able to ping it pretty quickly, but if I disable that rule again, the pings don't stop for a really, really long...

Hi all, I want to use a nic in vlan aware mode to connect multiple phisical devices. Below is my networking diagram. vmbr0 and vmbr1 are working fine, i'm not able to configure vmbr2 (LAN in vlan aware mode). This is my network interface: auto vmbr0 iface vmbr0 inet static address...

Hello together, I got a problem with my subskription update in regards to firewall rules from an external firewall. If I activate the external firewall I can't get the update, but the strange thing is, that no traffic coming from my node (OUTGOING) is blocked, it is all accepted. All the other...

Hi, Mein Proxmox host (8.4.14) kann sich nicht mehr mit meinem proxmox backup server, der in einer LXC läuft, verbinden: `no route to host`. Dies hat immer problemlos funktioniert, aber seit einem Monat ca ist dies nicht mehr der Fall. host: 10.1.100.12 proxmox backup server: 10.1.101.134 Ein...

Hello! As title states, I'm using a Simple SDN zone with auto dhcp enabled, dnsmasq installed, basically everything working. HOWEVER, when I enable the node-level firewall, dhcp stops working entirely. Datacentre firewall doesn't effect dhcp. I have the rules set up from the guide on both a...

Hallo Ladies and Gentlemen, aktuell sammle ich gerade erste Erfahrungen mit Proxmox durch ausprobieren, Kurse etc. . Dabei bin ich auf ein Problem gestoßen, was ich nicht verstehe. Ziel ist es, die VM's und CT's in einem separaten Netzwerk zu betreiben, welches nur Zugang zum GW (Gateway -...

Hi, Currently running Proxmox V9 and pfSense in a VM, with no issues on a 2000 Mbps down / 800 Mbps up fiber connection. After migrating to symmetrical 8 Gbps, the speeds are capped, regardless of the setup: - pfSense : approximately 5.5 Gbps down and 2 Gbps up - opnsense : 8 Gbps down...

I seriously don’t understand what Proxmox is doing here, and I could use a reality check. Here’s my exact setup: 1. Datacenter Firewall ON Policies: IN = ACCEPT, OUT = ACCEPT, FORWARD = ACCEPT One rule: IN / ACCEPT / vmbr0.70 / tcp / myPC → 8006 (WebGUI Leftover as i had IN = REJECT before)...

Having issues with VLAN connectivity on my Proxmox setup. My Ubuntu VM is getting an IP address, but it cannot reach the internet. I’m trying to figure out if my VLAN config is wrong or if I'm missing a route/gateway somewhere. Also vlan are set in OPNsense. Here’s my...

Hello everyone, I am currently trying proxmox with opnsense as a VM and trying to understand more the VLAN functions und firewall rules. I have made a config and it is working but I am asking myself why some things work and some don't. Maybe one of you can answer them. 1. Why am I able to...

Hi all, I don't understand how ebtables work on PVE firewall and I don't find good documentation about that. I've enabled firewall on my VMs and LXC containers, but it seems that it's only filtering Layer3 packets (iptables, I guess). And what I'd like to do is to filter protocols operating at...

This is probably a newbie question as I am not familiar with the setup yet but what i basically want to achieve is: I have a single Proxmox Installation with one node. I have a container that acts as a gateway for all incoming connections. That also works as I have a IP Filter on my router (I am...

I'm sure this is going to be a painfully beginner question and I apologize from the start: I'm attempting to expose a single VM to 8080 and 443. Unfortunately, networking is not my strong suit. I have two rules assigned to it, set up as shown here: (and then for HTTPS the source port is set...

Hi Proxmox team, I’d like to suggest an improvement for the Proxmox Firewall: the ability to define firewall rules not only based on static IP addresses, but directly on VM objects. The idea is to create rules that reference virtual machines by their name, ID, or tags — similar to how it’s...

Hello, I am having trouble configuring the Vnet Firewall. I have set up a PoC with two hosts. There is one VM on each host, each of which has a service interface and another interface for the NAS. Two VLANs are configured, one for the service and another for the NAS. The intention is that the...

Hello everyone, I'm a beginner when it comes to networks and servers, so I decided to buy an old server and install Proxmox to improve, I got an HP ProLiant DL160 g6 to which I added an additional NIC, leaving me with a total of 4 ports. After configuring Proxmox I decided to install a Sophos...