firewall

PVE 7.1-10 Kernel: Linux 5.15.19-1-pve #1 SMP PVE 5.15.19-1 I have created two vms (id 9000, ip 192.168.200.120 and 9001 IP 192.168.200.121) with ubuntu linux 20.04 on a proxmox 7.1-10 cluster. Both vms have proxmox firewall settings enabled (see configuration below), also the cluster has...

Hello everyone, according to WIKI the suricata integration take place under /etc/pve/firewall/<VMID>.fw, and the rule will be automatically added to the iptables . It is exactly my case however i am not receiving alerts at Suricata. this is how the rule looks like: 2 NFQUEUE all --...

Hallo, wir haben hier ein 7.1-10 Cluster aus 8 Hosts (alle Debian) mit vielen VMs. Seit dem Upgrade von der 6er Version gibt es folgendes seltsame verhalten. Wenn auf einem PVE Host das Netzwerk mit "systemctl restart networking" restartet wird, haben alle VM's des Hostes keinen Zugriff auf...

I am actually trying to link Pve-IPS output to suricata. I am running suricata using the NFQ mode and im sending traffic to suricata with the gateway-scenario using the following cmd: # iptables -I FORWARD -j PVEFW-IPS The problem is every time i restart the host the added rule is gone (-A...

I have now a proxmox on a Dell T1700 and it works very well. I have some VM connect but now I'm a little curious to maybe add a networks card with four ethernet and also use it as a firewall/router. What are the pros and cons of having a virtual router / firewall in Proxmox to handle internet...

Hello everyone, I have a fresh install of Proxmox 7.1-7 with the WebUI being on a 192.168.1.0/24 network and I'm trying to access it from a 192.168.35.0/24 network. I have two older Proxmox machines on the same 192.168.1.0/24 network and I'm able to access their WebUI's from my 192.168.35.0/24...

Guten Abend zusammen, ich bin aktuell dabei mein neuen Proxmox Host einzurichten. Der Host steht bei einem Anbieter im Rechenzentrum. Ich habe leider aktuell keine Möglichkeit den Host hinter eine Firewall etc. zu hängen, und versuche den Zugriff auf den Host so gut wie möglich abzusichern...

Hi, So I am trying to set up a simple OVS bringe with a single NIC. Config: auto lo iface lo inet loopback allow-vmbr0 ens3 iface ens3 inet manual ovs_type OVSPort ovs_bridge vmbr0 ovs_mtu 1450 allow-ovs vmbr0 iface vmbr0 inet static address 158.37.63.230/24...

I have an odd issue with my cluster-wide firewall that I can't seem to figure out. I want to limit Proxmox GUI access to one network (192.168.10.0/24) on all nodes. I've been able to accomplish this on 5 of my 6 nodes, but don't understand why I can't make it work on the final node. I have 6...

Hallo zusammen, ich habe ein Problem mit dem default GW. Ich betreibe einen Proxmox Server auf einem Root Server bei Hetzner. Der Server hat das Default GW auf dem "WAN" Interface auf dem die Öffentliche IP anliegt. Ich habe eine Firewall aktiv welche per VPN das lokale LAN verbindet mit mir...

So I have this set up: I can ping other VMS on the same network but cannot access the internet. a few days ago I could when I set up a VM bride for testing purposes but now I cannot I do think it is due to some routing issues any input would be recommended I do not know too much about...

I would like to make a router for a 10G+ bandwidth (BGP+QoS+Firewall). Of course I will passthrough the network cards inside to the VM/Container. What is better for that purpose: Container or Virtual machine?

Hello, I can not resolve any hostname on my debian vm as long as ufw is enabled on proxmox. is there some configuration or some rule that I can add? I'm running proxmox on a dedicated server, the installation was made with the hoster's iso. it originally came with following networking: auto...

Hi, Is it possible to enable PVLAN / VM ISOLATION on Proxmox? Due to security requirements, we want to inspect traffic between VM's in the same subnet. If we remove the local route on the host, all traffic to VM's on the same subnet will go via the firewall (external hardware outside of...

Hello everyone, I work in a company where the internet connection is provided by 2 modems from 2 different access providers (access provider_1 and access provider_2) We are usually connected to access provider_1, the 2nd modem serves as a relay in the event of failure of the 1st. when we are...

Hello everyone! I have a recently created Proxmox 7 cluster made of a number of hosts. These hosts have a public IP address each and also a private IP address (192.168.1.0/24), connected via VLAN with id 4003, which is used by the hosts to talk to each other (it's the IP address I used when...

Hi, I recently bought myself a DELL PowerEdge R470 Server and installed Proxmox 7.0.13 on it. It's working great, but all the virtual machines have the same ipv4 on the internet. They only have different IP addresses on my local network. I looked a bit around but I couldn't figure out how to...

Hello, I know this topic is already discussed thousens times here in the forum, but it seems that my issue is somehow different.. The moment I activate a firewall interface for any of my guests I start receiving so called "alarms" like this one: Oct 01 10:19:26 proxmox-node-1.home.lan kernel...

Hi, I have some problems getting the LXC firewalls managed by Proxmox to work. This is my pve setup: auto lo iface lo inet loopback iface enp9s0 inet manual auto vmbr0 iface vmbr0 inet static address xxx.xxx.xxx.227/32 gateway xxx.xxx.xxx.193 bridge-ports enp9s0...

Hi to all, we're experiencing a problem with firewall on a proxmox cluster and after few tests it seems it'a a linux bridge problem The packet capture show that fragmented packets passing through the bridge are reassembled and sent out. This is causing us some problems, even if proxmox cluster...