firewall

I've been testing out the newer nftables-based firewall, and outside of the (very annoying) syntax changes for iplists/aliases, it seems to be working well. However, I noticed an issue when configuring a VM that has three network interfaces. Only two of the three interfaces have the firewall...

Help! I have TS3 running on a lxc. I can connect to the TS3 server locally and externally as long as the container's firewall is deactivated. There are two security groups added: 1. webserver - accepts incoming HTTP and HTTPS (80 and 443) and also SSH (22); no source port, no destination or...

Hello everyone. I have rented a dedicated server with Proxmox VE 8.3 installed. It is accessible via the public IP address 32.43.54.65:8006 (not a real ip). I want to set up a pfSense virtual machine on Proxmox and configure it so that Proxmox itself and all future virtual machines are behind...

Hello everyone, so I am trying to implement a Sophos FW as a VM in proxmox. I have watched this video ( https://www.youtube.com/watch?v=7pvgKc3WdEg ), everything has worked till the network config, I don't know how to configure my WAN and LAN interface. This is my home network: And this is my...

Hey everyone! I have a Proxmox 7.4 cluster with several nodes. Across them, there are two VMs, live and test, both based on Ubuntu 18.04, both with a private IP address for communication among LXCs and VMs, and with a public IP address to access the Internet. Firewall is open for specific ports...

Wiki for reference: https://pve.proxmox.com/wiki/VNC_Client_Access I'm looking into adding this to some of my VMs to make them more accessible. However, I'd like to isolate the VNC network from Proxmox MGMT in general. I've run into a few issues so far, and I'm not quite sure the best...

Hello, I am having a hard time accessing my Proxmox server. I have one router sitting between my computer and the Proxmox. The Proxmox is connected through 1 physical cable to the router, which is configured as a VLAN trunk port with VLAN 10 and 30 configured. For VLAN 10, I am using the network...

I have a user on my cluster that I want to give permission to edit their own vnet firewall rules. I created a separate SDN zone for them as I don’t see a way to give permissions on just a single vnet. I can give them permission to use that SDN zone, but I can’t find a way to give them access to...

i have a problem with the pve fw: i have the fw activated on my cluster, host and vm so i create a fw rule on my host: source: https://www.cloudflare.com/de-de/ips/ destination: myip/24 even in my /etc/pve/nodes is the entry IN DROP -source +dc/cloudflare-v4 -dest +dc/packets-ipv4-network...

Hi Everyone, could you please give an advice how to configure my network? Looks like I got stuck. I have Proxmox server and I install OPNsense firewal as a VM inside PVE. After that I passthrough a 2 NIC PCIe network card derectly to the VM. OPNsense (firewall) work perfectly with all...

Hello, I have tap/fwbr/fwpr/fwln interfaces for each VM interface although I have Proxmox firewall disabled on cluster, node and all vms. I have enabled the firewall once, but disabled it again. Example: # ip a|grep 104 22: tap104i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc...

Hi folks. Apologies in advance - I am very much a Windows person from a professional perspective, but am "tinkering" with ProxMox and VMs, etc. at home for a personal home setup - mostly as I wanted to set up a dedicated Satisfactory server (which is working perfectly fine - including the port...

I'm setting up Proxmox server with pfSense as a VM to act as the main gateway/firewall. The system is in a remote location with a single ISP connection in passthrough mode providing a public IP. My concern: If the pfSense VM becomes inaccessible, I could lose remote management access to the...

Moin zusammen, ich habe gestern einen neuen Proxmox-Node (PVE8.3) in einem abgeschotteten Netzsegment standalone in Betrieb genommen. Ich habe auf dem Node die iptables Firewall ein- und ausgehend für die dort laufenden VMs aktiviert (Default DROP). Für das Monitoring dieses Netzes nutzen wir...

Hi, By enabling cluster firewall (we have one node), we can't do asymmetric bgp routing in a VM, since Proxmox drops the invalid packets (even when firewall is disabled for a VM) We want to have firewall enabled, but since invalid packets are only forwarded towards the bridge and not the VM...

Hello everyone, I'm having issues with service discovery, after enabling firewall on my LXC (smb with configuration for time machine*). Everything else is working, aside from the server discovery after enabling firewall on the lxc. Service discovery works again, after disabling the firewall on...

Hi everyone, I'm planning to set up MAC filtering for IPv4 traffic in my Proxmox live cluster and aim to use ebtables and ipset where necessary, but I would like to primarily rely on Proxmox's built-in GUI features for easier management. As I'm still learning Proxmox's firewall system and...

Hey all I'm fresh in Proxmox. Is proxmox support "Service Chaining" or something equivalent? I have my own firewall (VM that enforce some security policy rules). Can I chain it in the traffic flow, such that packet that? A very simple example of a service chain would be one that forces all...

Hello, I have 2 VMs running on a single Proxmox server. on all VMs I have: $ nmap -Pn -p 22 10.10.21.117 Starting Nmap 7.95 ( https://nmap.org ) at 2024-11-16 22:01 PST Nmap scan report for 10.10.21.117 Host is up (0.000086s latency). PORT STATE SERVICE 22/tcp filtered ssh Nmap done: 1...

Hi there! VMs can't ping route after pve restart networking.service and won't able to reconnect automaticlly. I have to toggle firewall flag of network device net0( enable firewall if it is disable, vice versa) to resume VM's network. Impacted VMs' system are debian12 and win10. Neither...