firewall

  1. Firewall rules not loaded for lxc containers

    Hello, I enabled the firewall in datacenter, node and container and I can see quite a few iptables rules loaded and some new PVE chains. The problem is that I created a rule for a container and I can not see that rule in iptables. This is the rule: But I can not see that rule in the node...
  2. How to prevent traffic between LXC on bridged network?

    Hello, I have a number of LXC on a bridged network. I'd like to restrict network access for those LXC in such a way that: outbound traffic is allowed; one internal IP may be reached; all other traffic is dropped. Can this be done w/ the Proxmox 4 firewall? Or do I need to add custom iptables rules...
  3. Side-effects of datacenter firewall rules

    Hello, my current setting is the following. I have two public IP addresses. One is assigned to the physical host where Proxmox VE is installed on. The other one is assigned to a pfSense VM inside of Proxmox (connected to the vmbr0). I can ping both public IPs from the outside. Currently the...
  4. Firewall not working followed tutorial...

    Hi, I activated the firewall on the datacenter level, set input on accept, enabled it on the Node level (no config) and enabled the firewall on the network of the VM. I created a rule (input, drop and enabled) and enabled the firewall. but still the whole node is reachable on the net. I tested...
  5. Disable firewall from command line

    Hi, What is the easiest way to completely disable the firewall from command line, the "proxmox way" ? Someone f*cked up the firewall config and we don't have access to the web interface any more and cluster config is broken.
  6. Firewalled port on LXC container

    Hello, I'm running Proxmox 4.2 on an OVH server w/ the standard OVH setup. Inside a LXC container there's Webmin listening on ports 10000/tcp and up, Webmin folks say it should suffice to open ports up to 10010/tcp for RPC access. I'm using the Proxmox firewall and have restricted access to...
  7. Can I use the firewall for custom port forwards and masquerading?

    I am currently switching to Proxmox from Xenserver (bridged mode, multiple networks, NAT via iptables, selective port forwards). I could easily replicate my former setup, just using /etc/network/interfaces and iptables. However, I would like to know, if there is a more elegant solution? Can...
  8. Only Allow WebGUI Access to 3 IPs

    I have a production prox server and I need to block everyone from web GUI access except 3 IP addresses. I know this can be done via the firewall but I do not have access to a test machine to play around with the firewall. Can anyone point me to a tutorial or something that I can follow in a...
  9. stefws

    Initial cnx refused

    Wondering if initial connection attempts between two VMs on the same PVE 4.2 cluster being refused is due to using PVE FW and if so could this be avoided. It seems like some kind of connection [state] cache needs to be set initially before being allowed as iptables rules dictate. Happens again after...
  10. NFS Firewall Woes

    TLDR: What ports do I need open on my NFS server for Proxmox nodes to discover and use exports? Due to some recent changes in our switching setup I've had to enable the firewall on our NFS server (which used to only be...
  11. stefws

    FW vs corosync config with 2 rings

    Got a non-std corosync config here with a static nodelist and 2x rings across each their redundant switch networks: This imposes some issues when wanting to use the firewall, as PVEFW-HOST-IN/OUT chains say: Could I modify these standard created chains to allow for both our corosync rings...
  12. stefws

    PVE 4.2 UI fails to rename Security Group

    Whenever trying to rename a Security Group I get this error in a popup window: "detected modified configuration - file changed by other user? Try again. (500)", which leaves me to mod the /etc/pve/firewall/cluster.fw manually :/
  13. [SOLVED] Isolate Containers from One Another

    So here is the setup I have. A single, public, proxmox server running version 4.1-22. It has a single NIC with a single public IP. And that is all I can get. So naturally I am using NAT behind that public IP for my containers. So on the physical host, Eth0 --> Vmbr0 /w public IP. In...
  14. hakim

    Isolating 2 KVM on the same VMBR

    Hi, I have 2 KVM VMs (KVM1 and KVM2) connected on the same host's vmbrXX (bridge mode). I would like to isolate KVM1 from KVM2. I tried to use the proxmox firewall and add the 2 following rules for KVM1 (and the firewall option is ticked on the nic): [RULES] IN DROP OUT DROP But I can ping...
  15. Firewall: How to define rule only valid for Proxmox host?

    Hello! According to wiki, all rules defined in /etc/pve/firewall/cluster.fw are "cluster wide firewall rules for all nodes". Question: Where should I define rules that are only valid for the host but not overall for all nodes? THX
  16. [SOLVED] Proxmox => pfsense => vm setup help.

    Hi, I was wondering if it is possible to achieve a configuration similar to the image below with a single nic. Right now I have: Host Machine - vmbr0(192.168.1.103) bridged with eth0; vmbr1 connected to nothing pfSense - em0(192.168.1.106) bridged with vmbr0 -...
  17. IP Address Passthrough to pfSense KVM

    Hi, Long ago, I had set up PVE to pass the external IP address through to a KVM firewall by doing something like the following: PVE's vmbr1 was on eth1 with a static address of 0.0.0.0. vmbr1 was eth0 on the KVM running the firewall distro. The firewall distro had its eth0 set to the external...
  18. How To Connect To KVMs With Just 1 Public IP Address (Kimsufi VPS)

    Hi, I have PVE4 installed on a Kimsufi VPS, & I have just the one IP address on vmbr0 with which to access the host. As such, I have my KVM set with NAT selected in the network interface, since there aren't any more addresses that can be assigned to it if I were to use a bridge. How do I need...
  19. Connection to vpn PPTP from VM (winXP)

    Hello, I am new in the Proxmox world, and I want to connect to vpn PPTP from VM (winXP) to get a different internet IP (I don't want to share the host internet IP), so when I try to connect to the PPTP server I face an error (619). I use NAT network for this VM, and I allow any traffic (in & out) in...
  20. [SOLVED] iptables logging inside LXC containers

    Hi everyone, First of all, after many years of use, I wanted to thank the whole team behind Proxmox VE for the amazing work! I'm now since a few months a happy user of Proxmox VE 4 and its LXC containers. However, I've lately been facing issues with firewall logging: I am using custom...
