firewall

Hello, I enabled the firewall in datacenter, node and container and I can see quite a few iptables rules loaded and some new PVE chains. The problem is that I created a rulea for a container and I can not see that rule in iptables. This is the rule: But I can not see that rule in the node...

Hello, I have a number of LXC on a bridged network. I'd like to restrict network access for those LXC in such a way outbound traffic is allowed one internal IP may be reached all other traffic is dropped Can this be done w/ the Proxmox 4 firewall? Or do I need to add custom iptables rules...

Hello, my current setting is the following. I have two public IP addresses. One is assigned to the physical host where Proxmox VE is installed on. The other one is assigned to a pfSense VM inside of Proxmox (connected to the vmbr0). I can ping both public IPs from the outside. Currently the...

Hi, I activated the firewall on the datacenter level, set input on accept, enabled it on the Node level (no config) and enabled the firewall on the network of the VM. I created a rule (input, drop and enabled) and enabled the firewall. but still the whole node is reachable on the net. I tested...

Hi, What is the easiest way to completely disable the firewall from command line, the "proxmox way" ? Someone f*cked up the firewall config and we don't have access to the web interface any more and cluster config is broken.

Hello, I'm running Proxmox 4.2 on an OVH server w/ the standard OVH setup. Inside a LXC container there's Webmin listening on ports 10000/tcp and up, Webmin folks say it should suffice to open ports unto 10010/tcp for RPC access. I'm using the Proxmox firewall and have restricted access to...

I am currently switching to Proxmox from Xenserver (bridged mode, multiple networks, NAT via iptables, selective port forwards). I could easily replicate my former setup, just using /etc/network/interfaces and iptables. However, I would like to know, if there is a more elegant solution? Can...

I have a production prox server and I need to block everyone from web GUI access except 3 IP addresses. I know this can be done via the firewall but I do not have access to a test machine to play around with the firewall. Can anyone point me to a tutorial or something that I can follow in a...

Wondering if initial connection attempts between two VMs on the same PVE 4.2 cluster been refused is due to using PVE FW and if so could this be avoided. It seems like some kind connection [state] cache needs to be set initially before been allowed as iptables rules dictate. Happens again after...

TLDR: What ports do I need open on my NFS server for Proxmox nodes to discover and use exports? ------------------------------------------------------------------------- Due to some recent changes in our switching setup I've had to enable the firewall on our NFS server (which used to only be...

Got a non-std corosync config here with a static nodelist and 2x rings across each their redundant switch networks: This imposes some issues when wanting to use the firewall, as PVEFW-HOST-IN/OUT chains says: Could I modify these standard created chains to allow for both our corosync rings...

When ever trying to rename a Security Group I get this error in a popup window: detected modified configuration - file changed by other user? Try again. (500) leave me to mod the /etc/pve/firewall/cluster.fw manually :/

So here is the setup I have. A single, public, proxmox server running version 4.1-22. It has a single NIC with a single public IP. And that is all I can get. So naturally I am using NAT behind that public IP for my containers. So on the physical host, Eth0 --> Vmbr0 /w public IP. In...

Hi, I have 2 KVM VMs (KVM1 and KVM2) connected on the same host's vmbrXX (bridge mode). I would like to isolate KVM1 from KVM2. I tried to use the proxmox firewall and add the 2 following rules for KVM1 (and the firewall option is ticked on the nic): [RULES] IN DROP OUT DROP But I can ping...

Hello! According to wiki, all rules defined in /etc/pve/firewall/cluster.fw are "cluster wide firewall rules for all nodes". Question: Where should I define rules that are only valid for the host but not overall for all nodes? THX

Hi, I was wondering if it is possible to achieve a configuration similar to the image below with a single nic. Right now I have: Host Machine - vmbr0(192.168.1.103) bridged with eth0; vmbr1 connected to nothing pfSense - em0(192.168.1.106) bridged with vmbr0 -...

Hi, Long ago, I had set up PVE to pass the external IP address through to a KVM firewall by doing something like the following: PVE's vmbr1 was on eth1 with a static address of 0.0.0.0. vmbr1 was eth0 on the KVM running the firewall distro. The firewall distro had its eth0 set to the external...

Hi, I have PVE4 installed on a Kimsufi VPS, & I have just the one IP address on vmbr0 with which to access the host. As such, I have my KVM set with NAT selected in the network interface, since there aren't any more addresses that can be assigned to it if I were to use a bridge. How do I need...

Hello, i am new in the proxmox world, and i want to connect to vpn PPTP from VM (winXP) to get different internet IP (i don't want sharing the host internet IP) so when i try to connect to PPTP server i face a error (619). i use NAT network for this VM, and i allow any traffic (in & out) in...

Hi everyone, First of all, after many years of use, I wanted to thanks the whole team behind Proxmox VE for the amazing work! I'm now since a few months a happy user of Proxmox VE 4 and it's LXC containers. However, I've lately been facing issues with firewall logging: I am using custom...