iptables

Moin zusammen, ich habe gestern einen neuen Proxmox-Node (PVE8.3) in einem abgeschotteten Netzsegment standalone in Betrieb genommen. Ich habe auf dem Node die iptables Firewall ein- und ausgehend für die dort laufenden VMs aktiviert (Default DROP). Für das Monitoring dieses Netzes nutzen wir...

Hello everyone, this is my first post on this forum so be nice and point out to me if I'm doing something wrong. I think there is a bug in the kernel 6.8.12-2-pve where icmpv6 Neighbor solicitations packets are dropped if there is the following rule in iptables: ip6tables -I INPUT -m conntrack...

Hello, pve on a bookworm, i want to route vm's port 22(10.0.0.108) to host port 2022, it always not work. it' s my /etc/network/interfacesanything is wrong? auto lo iface lo inet loopback # auto enp6s0 iface enp6s0 inet manual auto vmbr0 iface vmbr0 inet static address 192.168.0.102/24...

I have a bit of a puzzle here. I'm trying to make a web server running in a VM internet accessible. Doesn't have to be pretty. I don't even need SSL. Just need to see the the "Hello World" page on port 80. Once I get that far I'm pretty sure I can build upon it myself. The server in a colo, to...

Hello, I've been strugging for days trying to open a port for nginx on a Proxmox host. I've checked that iptables is in use and not nftables as I thought maybe there was some conflict between the two - My way of doing this was "iptables -V" and I received back "iptables v1.8.9 (legacy)" - from...

Hi there, is there anybody out there who's willing to share his/her Iptables configuration ? I've used ufw successfully until now, but ufw tends to get quite slow over time and I've decided to get rid of it. I'm quite the newbie in iptables though and was hoping someone is willing to share...

s

Hello, i have Proxmox on OVH dedicated server, with two ipv4 addresses. First adress is main address of proxmox machine (vmbr0) i access with it to webinterface, and all of VM's using prerouting (for example port public 200->port 22 local address). Last time i bought additional ipv4 address and...

Hallo zusammen, ich arbeite mich aktuell mit den verschiedenen Optionen der SDN ein. Dabei ist mir aufgefallen, dass wenn ich SNAT anharke oder generell up und down-Regeln in den Interfaces hinzufüge diese mehrfach angelegt aber nie gelöscht werden. auto default0 iface default0...

Here's the situation: We have a bare metal server from Hetzner with one IP4 address. We manage to install Proxmox easily, but when we install virtual machines (Ubuntu), we cannot get them online. Here is the current configuration: source /etc/network/interfaces.d/* auto lo iface lo inet...

Hi, we are trying to use fail2ban on a host and use the Proxmox Firewall feature in order to block / open ports. In my PVE host (datacenter layer), I have these firewall rules configured: Security-Group "default-host" => Accept SSH (TCP port 22) Accept GUI (TCP Port 8006) Now I also have...

Hi To avoid to loose emails during patches and upgrades we usually closed the SMTP ports via the local firewall in the past at other Linux mail relays. Now I'm missing the functionality of iptables-save / iptables-restore at the PMG. Even after installing the mentioned packages and saving the...

Hi! There is a Netflow/IPFIX package for iptables in the base Debian12, but not compatible with the pve8 kernel 6.x Is there any way to make it to work? https://bugs.launchpad.net/ubuntu/+source/iptables-netflow/+bug/2023306 $> aptitude search netflow p iptables-netflow-dkms...

Hi, since switching to Proxmox VE 8 Postrouting SNAT (Unfortunately I must use NAT) in combination with the Proxmox Firewall is not working anymore even with conntrack zones enabled. In Proxmox VE 7 it worked after adding post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1...

Hey guys, I just finished setting up Proxmox VE on my hosted cloud server and I was curious if I will absolutely need to have additional IPs for many of my web-facing services\containers? The reason I ask is that my current host doesn't have any available and probably won't for a few months...

Hi everyone, I have a proxmox on a dedicated server that has a public ip on the WAN side and I created a DMZ to a virtual machine inside it, I noticed that everything passes except the gre protocol. Can you give me a hand please? Below I put the configuration of the interfaces: auto lo iface lo...

Hello, I have problems doing a NAT. I have a dedicated Hetzner with only 1 public IP. Install Proxmox and create a vmbr0 with the data of the public ip then create a mvbr1 with the ip 192.168.10.1 Then create my CT, with the ip 192.168.10.100 Install a Web Server in my CT. and on my private...

I've been hitting my head to the brick wall that is iptables inside a Debian 11.3 container in Proxmox. I cannot seem to get it to block anything and there seems to be some contradicting discussions about if iptables should even work inside LXC. I do use Proxmox firewall as well, and it is...

Hi, I'm trying to achieve following: I want everything, what comes in with TCP protocol, will be natted to 10.10.100.1 except: - Source IP 100.100.100.1 to destination port 22, 8006 - Source IP 100.100.100.2 to destination port 22, 8006 - Source IP 100.100.100.3 to destination port 22, 8006 -...

Hello everyone I have a custom firewall rule for a few VMs that I can't enter in the GUI. The most elegant way would be to load it directly at startup by "post-up" in the /etc/network/interfaces file. The rule looks like this: ip6tables --insert tap181i0-IN -m mac ! --mac-source...