firewall

  1. Proxmox FW needed or not with an OPNsense VM?

    Hello everyone, I'm trying to make my own router/firewall with OPNsense as a VM in Proxmox. What's not clear to me is if I can let OPNsense connect to the internet directly, or if that put Proxmox at risk and thus I should add the Proxmox Firewall to be safe? In both cases Proxmox will be...
  2. Site-to-site-VPN (IPSec): Routingprobleme

    Hallo, ich habe es als Anfänger nach vielen Tagen endlich geschafft, auf einem Debian-11-basierten Container mit StrongSwan ein Site-to-site-VPN per IPSec zustande zu bringen. Auf Seite A habe ich routerseits (Ubiquiti DreamMachine Pro) ein Port-forward für 500 und 4500 auf die lokale IP des...
  3. Fr: Refusé l'accès au réseau local pour ne pas pouvoir ping les machines

    Bonsoir, je voudrais empêché mon contenaire(VM) de pouvoir avoir accès a mon réseau local. J'ai essayer de faire des règles de pare-feu mais je galéré un peut. Si une personne pourrait m'aidé. Voici la configuration principale de mon proxmox et mon réseau: Ip proxmox : 192.168.1.62/24 Ip...
  4. CSF vs VMs firewall

    Hi, Do i really need VM firewall enabled while i have CSF installed on cPanel/WHM? Or the VM firewall is more used for specific ports to be blocked and accessed only from specific devices/IP whereas CSF is more used on the cpanel/WHM level for protection? I guess my question is if i waste a...
  5. How to setup interface specfic firewall setting?

    Hi, I want to setup different firewall setting on different interface on the same VM. How do I set it in this scenario? eth1: Enable IPFilter (Do not allow IP spoofing) Enable Mac Filter (Do not allow MAC spoofing) eth2: Disable IPFilter (Allow IP spoofing) Enable Mac Filter (Do not allow...
  6. Homelab: can't ping VMs behind Router VM

    This is 4th try after getting no responses from Stack Exchange sites [1, 2, 3] and I've been fighting with this issue for ~2 weeks. I really hope someone can help me with this issue. --- I have a setup like this (this diagram is also available here): I'm running a single PVE host in my...
  7. [TUTORIAL] Configuration of PVE Firewall for PMG Guest

    This is a rough draft of an idea from this thread over in the PMG forum: https://forum.proxmox.com/threads/how-to-close-open-port-111.43310/ Two notes: it would be nice if a future version of PVE included macros for PVE web interface and PMG Submission. There is "Submission" but that's not port...
  8. Firewall setting for NFS Shares

    Hello, i need help for the Firewall settings for NFS Shares in VM's. My Proxmox Server has 3 different LAN Interfaces for WAN LAN and DMZ. I have different VM and container in this networks. My Problem: In the DMZ i have a Debian11 VM and try to connect an NFS Share from my NAS in the LAN...
  9. Howto set Firewall rules with 1NIC / 2 IP's

    Hi Forum. I have some questions, since I've reinstalled a Couple off times for making this setup rigth. I have 1 Dedicated Server hosted Only physical 1NIC 2Public IP's - on vmbr0 The 2. public IP on vmbr0 but bounded by MAC address, so I have a VM running PFsense for this secondary IP...
  10. Proxmox absichern

    Hallo Liebe Proxmox Community, Aktuell bin ich in der Einrichtung eines Proxmox Servers, darauf laufen 2 VM´s mit Windows 10. Das Web Interface von Proxmox ist nur im internen Netzwerk erreichbar. Auch weiter noch nichts konfiguriert oder vorgesehen. Meine Frage ist nun: Muss ich noch etwas...
  11. Use PVE node's external IP address to reach service of a internal network via DNAT

    Hi everybody, I am struggeling with a problem where I did not figure out yet if it is a "basic" networking problem or something that has to do with my SDN configuration. The setup is the following: I have two VEs (192.168.2.10 and .11) coupled as a cluster. Within this cluster there is an...
  12. DynFi User

    [TUTORIAL] Installing an Open Source Firewall on Proxmox-VE 7.3

    DynFi company is a Proxmox-VE partner and also the developer of the DynFi Firewall, a new, modern Open Source Firewall. Since Proxmox-VE and DynFi Firewall are very complementary, we thought that It would be nice to provide end-users with a Screencast detailing the steps required to create a...
  13. Fresh VyOS routing setup - consistent drop of packets (100%), but only some applications

    Hi guys, We need some help please. In short - we've setup vyos routing on our pve cluster. The problem is as soon as vyos vm get's an IP address and starts peering all the other guests on the SAME host with firewall ON (on the nic), SOME applications (curl and rsync - there might be more, but...
  14. Port Fowarding

    I am trying to port foward HTTP:80 to IP: 24.12.3.250 I can access my website from 24.12.4.250 since it on the internal network shown below, but when its time to access it from outside the private network I can't access it. (The unnamed router at the top is my home network with the subnet...
  15. [SOLVED] [FAILED] Failed to start LSB: Personal Firewall

    Hello, I have been using PVE for several months and recently I had to change my motherboard, after replacing the motherboard of my server I have a defect when starting the promox distribution: [FAILED] Failed to start LSB: Personal Firewall :mad: In front of my server I use a netgate...
  16. status update error: iptables_restore_cmdlist

    I don't know when this issue started, but I have IPv6 disabled via grub by using "ipv6.disable=1" on GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub. My syslog is being flooded with the following messages: Nov 19 10:53:24 pve pve-firewall[1053]: status update error: iptables_restore_cmdlist...
  17. PVEFW NFLOG with custom rules

    Hi, I have created my own LOG chains for specific rules added for each guest. My first question is how can I log in separate log file like PVEFW does per guest? Currently all logs go into the Node's firewall log. Second question is, how can I format the log output to be similar to PVEFW? At...
  18. How to configure the firewall of an LXC via Ansible module proxmox?

    Good day everyone! I am trying to provision some LXC in my 4-node Proxmox 7.2 cluster via Ansible using the proxmox module. After much struggle I've been able to provision the container but I am stuck at the firewall configuration. Currently I am trying to template a firewall.j2 file into a...
  19. Guest iptables rules

    I`m trying to add some custom iptables rules (like connlimit) for guest machines. Example rule is: -A tap101i0-IN -p tcp -m connlimit --connlimit-above 30 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset As seen tap101i0 is the vm 101 adapter. The rule has no effect, I...
  20. Proxmox Host and ufw firewall

    Hi I try to understand how a proxmox host can be hardened with ufw. I understand that proxmox has a own firewall but I have an ansible role which manage hardening etc. on all my servers and therefore would like to use ufw on my proxmox host. However as I tried to use I saw that my lxc...

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!