firewall

I'm experimenting with the Security Group feature for the first time. I've read the documentation but can't quite put my finger on it... I have a KVM running LMDE and want it to be able to access the internet, but not any devices on the LAN. The use case is to give users linux virtual machines...

Hello all, I virtualize my firewall via OPNsense, and previously had it set up using Hyper-V core. I recently began the move to Proxmox, but have been struggling with a couple issues. Note, I am not necessarily the most experienced in networking, as most of my knowledge is self-taught. For...

First I would like to apologize for my English. I have server with installed ProxMox 7.1-10 and maked CT from template debian-10-turnkey-openvpn_16.1-1_amd64.tar.gz. The server has 4 IP's, configured PREROUTING and POSTROUTING nat rules for translate network from vmbr0 to vmbr1 and reverse. #...

Hi, I am trying to block a port for a VM on proxmox for incoming traffic, but it looks not working, please refer to the rule I created in the attachment. Anyone can advise on this? Also, actually, I am looking to block all the ports for incoming traffic except a few(for VM), is it possible? if...

Hi, I have an old TS140 with 2 NICS both speed is 1Gbps, the server got 14GB DDR3 RAM, and i3 4170 CPU, internet speed is 500/20. I installed proxmox on it, 1 Windows server virtualization, and 1 for nat/firewall/dhcp/dns called zeroshell. Upload speed just works fine, but download speed is...

Hello and thanks in advance for your help/ I have installed CSF Configserver firewall script to my server Debian 11 PVE 7.1.10 Proxmox proxmox-ve: 7.1-1 (running kernel: 5.13.19-4-pve) pve-manager: 7.1-10 (running version: 7.1-10/6ddebafe) pve-kernel-helper: 7.1-12 pve-kernel-5.13: 7.1-7...

PVE 7.1-10 Kernel: Linux 5.15.19-1-pve #1 SMP PVE 5.15.19-1 I have created two vms (id 9000, ip 192.168.200.120 and 9001 IP 192.168.200.121) with ubuntu linux 20.04 on a proxmox 7.1-10 cluster. Both vms have proxmox firewall settings enabled (see configuration below), also the cluster has...

Hello everyone, according to WIKI the suricata integration take place under /etc/pve/firewall/<VMID>.fw, and the rule will be automatically added to the iptables . It is exactly my case however i am not receiving alerts at Suricata. this is how the rule looks like: 2 NFQUEUE all --...

Hallo, wir haben hier ein 7.1-10 Cluster aus 8 Hosts (alle Debian) mit vielen VMs. Seit dem Upgrade von der 6er Version gibt es folgendes seltsame verhalten. Wenn auf einem PVE Host das Netzwerk mit "systemctl restart networking" restartet wird, haben alle VM's des Hostes keinen Zugriff auf...

I am actually trying to link Pve-IPS output to suricata. I am running suricata using the NFQ mode and im sending traffic to suricata with the gateway-scenario using the following cmd: # iptables -I FORWARD -j PVEFW-IPS The problem is every time i restart the host the added rule is gone (-A...

I have now a proxmox on a Dell T1700 and it works very well. I have some VM connect but now I'm a little curious to maybe add a networks card with four ethernet and also use it as a firewall/router. What are the pros and cons of having a virtual router / firewall in Proxmox to handle internet...

Hello everyone, I have a fresh install of Proxmox 7.1-7 with the WebUI being on a 192.168.1.0/24 network and I'm trying to access it from a 192.168.35.0/24 network. I have two older Proxmox machines on the same 192.168.1.0/24 network and I'm able to access their WebUI's from my 192.168.35.0/24...

Guten Abend zusammen, ich bin aktuell dabei mein neuen Proxmox Host einzurichten. Der Host steht bei einem Anbieter im Rechenzentrum. Ich habe leider aktuell keine Möglichkeit den Host hinter eine Firewall etc. zu hängen, und versuche den Zugriff auf den Host so gut wie möglich abzusichern...

Hi, So I am trying to set up a simple OVS bringe with a single NIC. Config: auto lo iface lo inet loopback allow-vmbr0 ens3 iface ens3 inet manual ovs_type OVSPort ovs_bridge vmbr0 ovs_mtu 1450 allow-ovs vmbr0 iface vmbr0 inet static address 158.37.63.230/24...

I have an odd issue with my cluster-wide firewall that I can't seem to figure out. I want to limit Proxmox GUI access to one network (192.168.10.0/24) on all nodes. I've been able to accomplish this on 5 of my 6 nodes, but don't understand why I can't make it work on the final node. I have 6...

Hallo zusammen, ich habe ein Problem mit dem default GW. Ich betreibe einen Proxmox Server auf einem Root Server bei Hetzner. Der Server hat das Default GW auf dem "WAN" Interface auf dem die Öffentliche IP anliegt. Ich habe eine Firewall aktiv welche per VPN das lokale LAN verbindet mit mir...

So I have this set up: I can ping other VMS on the same network but cannot access the internet. a few days ago I could when I set up a VM bride for testing purposes but now I cannot I do think it is due to some routing issues any input would be recommended I do not know too much about...

I would like to make a router for a 10G+ bandwidth (BGP+QoS+Firewall). Of course I will passthrough the network cards inside to the VM/Container. What is better for that purpose: Container or Virtual machine?

Hello, I can not resolve any hostname on my debian vm as long as ufw is enabled on proxmox. is there some configuration or some rule that I can add? I'm running proxmox on a dedicated server, the installation was made with the hoster's iso. it originally came with following networking: auto...

Hi, Is it possible to enable PVLAN / VM ISOLATION on Proxmox? Due to security requirements, we want to inspect traffic between VM's in the same subnet. If we remove the local route on the host, all traffic to VM's on the same subnet will go via the firewall (external hardware outside of...