firewall

Hi guys, We need some help please. In short - we've setup vyos routing on our pve cluster. The problem is as soon as vyos vm get's an IP address and starts peering all the other guests on the SAME host with firewall ON (on the nic), SOME applications (curl and rsync - there might be more, but...

I am trying to port foward HTTP:80 to IP: 24.12.3.250 I can access my website from 24.12.4.250 since it on the internal network shown below, but when its time to access it from outside the private network I can't access it. (The unnamed router at the top is my home network with the subnet...

Hello, I have been using PVE for several months and recently I had to change my motherboard, after replacing the motherboard of my server I have a defect when starting the promox distribution: [FAILED] Failed to start LSB: Personal Firewall :mad: In front of my server I use a netgate...

I don't know when this issue started, but I have IPv6 disabled via grub by using "ipv6.disable=1" on GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub. My syslog is being flooded with the following messages: Nov 19 10:53:24 pve pve-firewall[1053]: status update error: iptables_restore_cmdlist...

Hi, I have created my own LOG chains for specific rules added for each guest. My first question is how can I log in separate log file like PVEFW does per guest? Currently all logs go into the Node's firewall log. Second question is, how can I format the log output to be similar to PVEFW? At...

Good day everyone! I am trying to provision some LXC in my 4-node Proxmox 7.2 cluster via Ansible using the proxmox module. After much struggle I've been able to provision the container but I am stuck at the firewall configuration. Currently I am trying to template a firewall.j2 file into a...

I`m trying to add some custom iptables rules (like connlimit) for guest machines. Example rule is: -A tap101i0-IN -p tcp -m connlimit --connlimit-above 30 --connlimit-mask 32 --connlimit-saddr -j REJECT --reject-with tcp-reset As seen tap101i0 is the vm 101 adapter. The rule has no effect, I...

Hi I try to understand how a proxmox host can be hardened with ufw. I understand that proxmox has a own firewall but I have an ansible role which manage hardening etc. on all my servers and therefore would like to use ufw on my proxmox host. However as I tried to use I saw that my lxc...

Hi, I was trying to use Promox firewall but ran into "strange" problems: as soon as firewall on DC level (but not on VM level!!) is active real traffic between VMS running on the same host, but in different VLANs, doesn't work. I emphasize "real traffic" because ping still works and also a...

Hi, I'm new around here and trying to learn Proxmox. I installed Proxmox on Linux. Everything is very good. In it, I installed Windows Server 2022, as a VM. Normally all ports are closed when I activate the firewall. I open the necessary ports for 8006 and RDP, no problem. The problem also...

I just created two VMs and for some reason they don't seem to get IP assigned from the DHCP server. When I give them static IP it does work. I just go into Proxmox fyi. So there must've been something I missed configured or haven't configured at all. Thank you.

Hey everyone, We have a 10G Internet connection but we are not even reaching 1GB Internet Speed to the firewall installed on proxmox. We have used the Intel1000 as nwetowrk card. Is it possible to get the full Internect connection speed to the firewall?

Hello. I want to give internet access to a VM. I used this technique a lot of times, why is now not working? # network interface settings; autogenerated # Please do NOT modify this file directly, unless you know what # you're doing. # # If you want to manage parts of the network configuration...

Hello. I am trying to modify nf_conntrack options in /etc/sysctl.conf i have : net.netfilter.nf_conntrack_generic_timeout=60 net.netfilter.nf_conntrack_icmp_timeout=10 #net.netfilter.nf_conntrack_tcp_timeout_close=10 net.netfilter.nf_conntrack_tcp_timeout_close_wait=20...

Hi, We've been looking into enabling firewall on our PVE. A VM is running Windows serving Microsoft AlwaysOn IKEv2 to clients. When firewall is enabled on the cluster, the clients are no longer able to authenticate, existing connections continues to function, until they disconnect. As soon as...

Hello! In a VM I created a network namespace "ns_twsgw" (IP a.b.c.82, main IP a.b.c.81) with a bridged macvlan (second MAC address on the virtual ETH IF). I see all the ping packets from the "ns_twsgw" network inside the VM with tcpdump, but I don't see them on the bridge IF (e.g.: fwpr106p0)...

I've been having an issue where various VMs become spontaneously unreachable from local machines, but are still reachable from proxmox itself. I don't have any firewall turned on in proxmox or the VMs, but it's acting as if there is one. I can't make heads or tails of this -- it just starts on...

Hello, When the Firewall is set on default Input Policy DROP on Datacenter level, and the Firewall is enable, it does not work at all. The server is not filtered and is fully open, just like by ACCEPT. I can easily access it from different PC, without said PC being in rules or Security Group...

Hi Guys, I have 4 Server cluster i am trying to apply firewall rule to block 1 IP range from another interacting or accessing but i am unable to do so, i have been scratching my head since morning if someone can enlighten me a bit it would be great. firewall is enabled on Datacanter->Node-> VM...

Hi, a security group I set up is blocking and logging some traffic that doesn't make sense to me, I'm wondering if anyone knows why its happening. The source seems to be 1.1.1.1 and destination is my phone. My router is a separate device and DHCP is also from the router, so I don't understand...