firewall

1.I find that I can capture the IPV6 Neighbor solicitation packet on my virtual machine but on the pve vmbr1 I can not caputre the packet.. My topology is vmbr1 is the linux bridge of enp2s0, and my virtual machine's eth1 is bridge the vmbr1.. please see the attachment of the capture...

Hi all, I've set up a VM for Minecraft and it appears to be running correctly (from the cli - I don't play). The correct port, however, isn't open. I have a Verizon FIOS router and behind that I have an OpenWRT router and then the ProxMox machine. The FIOS router holds my public IP. The VM...

Hello, I am using Proxmox 8.3.3. and after a reboot I cannot access GUI, cannot ping proxmox or any VM (VMs are not online as well). I can reach proxmox server over SSH anr Winscp. There are no errors (I went through previous threads on this subject and all rights to folder and certificates...

I have an internal vnet with systems that needed access to the Internet. With the newer proxmox-firewall I was able to create a new table with the necessary rules and save the changes to /etc/nftables.conf but the rules are not loaded at boot. The documentation says this on custom rules: "If you...

Hello everyone, Let me explain the situation to see if you can help me: I have configured the firewall in Proxmox to access a container running Proxmox Backup Server. The rules I’ve applied to the PBS container are the following: Block any request and protocol from any IP. Allow TCP...

I'm trying to get coolercontrold up on my PVE instance. When installed on host and initialized, logs output: IPv4 bind error: Could not bind to standard IPv4 loopback address on port 11987 Is there any sort of firewalling measure on PVE that could potentially cause this?

I'm having issue with pve-firewall having "pending changes" as soon as I enable nftables at the host level pve-firewall status Status: enabled/running (pending changes) Restarting pve-firewall does not help Deleting all VNet firewall rules does not help Linux x3 6.8.12-4-pve #1 SMP...

Hello all, I have discovered a big bug: When we edit an alias name or IPSet name, rules with alias or IPSet (alias into IPSet too) are not updated with new name. I have tested with: Datacenter firewall: -> /etc/pve/firewall/cluster.fw Node firewall: -> /etc/pve/nodes/XXXX/host.fw VM...

Hello all, I have discovered a big bug: When we edit an alias name or IPSet name, rules with alias or IPSet (alias into IPSet too) are not updated with new name. I have tested with: Datacenter firewall: -> /etc/pve/firewall/cluster.fw Node firewall: -> /etc/pve/nodes/XXXX/host.fw VM...

I've been testing out the newer nftables-based firewall, and outside of the (very annoying) syntax changes for iplists/aliases, it seems to be working well. However, I noticed an issue when configuring a VM that has three network interfaces. Only two of the three interfaces have the firewall...

Help! I have TS3 running on a lxc. I can connect to the TS3 server locally and externally as long as the container's firewall is deactivated. There are two security groups added: 1. webserver - accepts incoming HTTP and HTTPS (80 and 443) and also SSH (22); no source port, no destination or...

Hello everyone. I have rented a dedicated server with Proxmox VE 8.3 installed. It is accessible via the public IP address 32.43.54.65:8006 (not a real ip). I want to set up a pfSense virtual machine on Proxmox and configure it so that Proxmox itself and all future virtual machines are behind...

Hello everyone, so I am trying to implement a Sophos FW as a VM in proxmox. I have watched this video ( https://www.youtube.com/watch?v=7pvgKc3WdEg ), everything has worked till the network config, I don't know how to configure my WAN and LAN interface. This is my home network: And this is my...

Hey everyone! I have a Proxmox 7.4 cluster with several nodes. Across them, there are two VMs, live and test, both based on Ubuntu 18.04, both with a private IP address for communication among LXCs and VMs, and with a public IP address to access the Internet. Firewall is open for specific ports...

Wiki for reference: https://pve.proxmox.com/wiki/VNC_Client_Access I'm looking into adding this to some of my VMs to make them more accessible. However, I'd like to isolate the VNC network from Proxmox MGMT in general. I've run into a few issues so far, and I'm not quite sure the best...

Hello, I am having a hard time accessing my Proxmox server. I have one router sitting between my computer and the Proxmox. The Proxmox is connected through 1 physical cable to the router, which is configured as a VLAN trunk port with VLAN 10 and 30 configured. For VLAN 10, I am using the network...

I have a user on my cluster that I want to give permission to edit their own vnet firewall rules. I created a separate SDN zone for them as I don’t see a way to give permissions on just a single vnet. I can give them permission to use that SDN zone, but I can’t find a way to give them access to...

i have a problem with the pve fw: i have the fw activated on my cluster, host and vm so i create a fw rule on my host: source: https://www.cloudflare.com/de-de/ips/ destination: myip/24 even in my /etc/pve/nodes is the entry IN DROP -source +dc/cloudflare-v4 -dest +dc/packets-ipv4-network...

Hi Everyone, could you please give an advice how to configure my network? Looks like I got stuck. I have Proxmox server and I install OPNsense firewal as a VM inside PVE. After that I passthrough a 2 NIC PCIe network card derectly to the VM. OPNsense (firewall) work perfectly with all...

Hello, I have tap/fwbr/fwpr/fwln interfaces for each VM interface although I have Proxmox firewall disabled on cluster, node and all vms. I have enabled the firewall once, but disabled it again. Example: # ip a|grep 104 22: tap104i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc...