firewall

Hi, I want to use the Proxmox VE firewall to prevent my VMs on the NAT network (vmbr1) from accessing my local network. My first thought was to use the firewall, but after enabling it, my NAT setup collapsed. I'm pretty sure I did something wrong, but I just can't see it.... I'm not a networking...

Hi, we are trying to use fail2ban on a host and use the Proxmox Firewall feature in order to block / open ports. In my PVE host (datacenter layer), I have these firewall rules configured: Security-Group "default-host" => Accept SSH (TCP port 22) Accept GUI (TCP Port 8006) Now I also have...

Hello, I am trying to access the Ubuntu VM from my Mac using the AFP protocol. If I switch off the VM's firewall, this also works. However, it does not work when I switch it on - although I have enabled the corresponding port 548 (https://support.apple.com/de-de/HT202944). I currently have the...

Dear all, I am trying to build a home server where i want to run few services, such as Nextcloud, as LXC contianers. I am relatively new to networking and before posting here i have read several pieces of documentation. Nevertheless, i still have doubts regarding the best setup for my use case...

Hello, I've a container which needs to send mails to a server located in the internet via SMTP. Default outgoing behaviour is reject. I started with an outgoing rule using the SMTPS-Macro and restricted the destination ip address. So far, so good; but it didn't work. So I removed the IP address...

Hello guys, I started to install a Proxmox VE on a server as a Home Lab to host some services. Those services needs to be accessed from anywhere. Basically, I've followed this tutorial: https://blog.zwindler.fr/2020/03/02/deploiement-de-proxmox-ve-6-pfsense-sur-un-serveur-dedie/ But I think...

I am running a synology NAS on 192.168.0.100 with NFS activated. Share "proxmox" has been set on synology with user rights R/W. It is visible to * with NFSv4.1 active. (I have tried 3.0 before, same results) The NFS Share can be found and accessed from local Mac computers. Any help is...

Hi there! I'm running into a really wild issue here: I want to access my PVE remotely from a different network, so I'm using a wireguard VPN running in an LXC on my Proxmox node. I can use it and ssh into it and other LXCs just fine, however I can't access the pve itself neither by ssh nor by...

Proxmox 8.1.3 - So we have a firewall at the Datacenter, Node and VM level. I want to add a rule so that all VMs cannot access a computer (not on Proxmox) on a specific IP addresses. Do I need to add the DROP rule on each VM or can I put one DROP rule at the Node level? On a firewall rule, if I...

Hey everyone! Quick question: Does the HTTPS macro of the PVE Firewall include UDP traffic (to port 443) or is it still just TCP? I am on PVE 7.4-17, but if it is available in PVE 8.x I would also be interested in the answer, since I plan on migrate to it soon. Thanks in advance.

Hi All, I would like to implement the following. I've been fighting the whole weekend to set this up, with no success so far. Initially, I wanted to use Sophos XG as my Firewall, but I reverted back to Pfsense for now as it seems easier to configure for a noob like me. On my...

I currently have two proxmox Metals in Scaleway Cloud. Yesterday I bought my second one but with the first one I didn't have any issue. So my setup in the first one is a pfsense firewall with a WAN and a LAN in 192.168.1.0/24. Now I introduced the second Metal and created another pfsense (I know...

Hi, I read over some other threads that this issue is known but the solution does not seem to be official. That's why I'm posting this one. Example: VM1 on vlan30 and VM2 on vlan60 - VM1 can ping VM2 (and vice versa) - VM2 cannot ssh VM1... But VM1 can ssh to VM2 - PVE firewall is activated...

Hi, I noticed that if I set the OUTPUT policy to DROP, I need to add a few rules by default for SSH, migrations to work if I add another ringX address. Could it be that some rules that gets set by default for INPUT may have been forgotten in output ? I see the usual ports...

Hi To avoid to loose emails during patches and upgrades we usually closed the SMTP ports via the local firewall in the past at other Linux mail relays. Now I'm missing the functionality of iptables-save / iptables-restore at the PMG. Even after installing the mentioned packages and saving the...

Hi, Ich versuche die outgoing connections eines LXC derart zu unterbinden, dass er nur noch auf einen bestimmten Host auf zwei bestimmten Ports zugreifen kann. LXC1 -------------------tcp 1883/8883--------------->LXC2 Dazu habe ich Firewall im Datacenter aktiviert Firewall der Node auf...

I'm running into exactly the same issue as #56300. The previous thread was old and I have more details on that, so I thought I'd just open a new thread. PVE version is almost up-to-date: proxmox-ve: 8.0.2 (running kernel: 6.2.16-6-pve) VM → Firewall → Options → Firewall = No: No effect VM →...

Hi, PVE 7.4-16 here. It looks like I can't drop this type of traffic at datacenter/node level. Only VM level works. As per Anydesk documentation (and further traffic sniffing) this is the traffic I need to drop: - protocol: UDP - destination IP: 239.255.102.18 (multicast) - destination ports...

I have a very strict firewall policy that essentially boils down to, block ALL traffic from any and all servers and computers that are not essential to that host's operation or needs. This seemed fine for a while but I just realized that anything on VLAN 10 can access Proxmox via SSH, even...

Hi all, I'm working on my first setup at Hetzner and I can't find any examples of what I am attempting to do. I'm hoping for some insight, an interfaces config or step by step if it's available would both be very helpful! While there's plenty of instructions with regard to hosting OpnSense...