iptables

  1. [SOLVED] PVE Firewall ignores traffic from public IP

    Hello, I use the firewall built into Proxmox which is great. On the private network (172.16.10.x) the firewall works and blocks what is not explicitly opened (Input Policy: DROP, OUTPUT Policy: ACCEPT), but when I use a public IP, the firewall totally ignores the rules and all traffic on the...
  2. Default Proxmox Firewall Settings (se4n_1)

    Morning, So I would like to compartmentalize my containers in proxmox with the proxmox firewall. Currently in datacenter options I have: firewall=no If I modify this to firewall=yes with firewall options out ACCEPT and in ACCEPT in the firewall tab in the datacenter, is this the same rules as...
  3. No access to one of cluster nodes using port forwarding

    I have a cluster with two PVE nodes inside local network. I'm trying to set up access to PVE using port forwarding. Inside local network everything works fine as well as through VPN. From outside it only works to first PVE but the second one is unreachable. They have common firewall rules of a...
  4. [SOLVED] [WORKAROUND FOUND] Routing issues probably self-inflicted. Amateur needs help. Only for patient users.

    Hello everyone. Ugh... I'm afraid to even ask the question... Just to be fair - I am an amateur - I don't even know what I don't know... Ok so I am setting up proxmox but it's "complicated". - Normally proxmox runs with LAN device as a main network (internet) interface - in my case it's...
  5. [SOLVED] Docker breaks my Proxmox access

    I’m running Proxmox and a VM with a minimal Debian OS. Everything worked fine until I installed docker and Portainer. Well, docker, Portainer and my containers work fine. But now my Proxmox is not accessible, not by GUI and not by SSH. I’ve read that docker could break the bridge as it uses...
  6. [TUTORIAL] ZeroTier + Proxmox PVE

    ZeroTier + Proxmox We have been using ZeroTier over a year, when it came time to use it with Proxmox, I wasted hours due to my desire to over-complicate things. This four step process will let you access your containers and VMs remotely via the ZeroTier D-WAN / VPN My goal is to configure...
  7. [TUTORIAL] Lockout protection when tinkering with the Proxmox firewall (iptables)

    Who hasn't been there: you want to secure the PVE box and create rules in iptables. Suddenly you have locked yourself out. Annoying, and it can then only be fixed via rescue mode. On large boxes with many VMs that is not particularly great. I've got myself a script...
  8. pve-firewall vs iptables/systemctl reporting discrepancies

    Proxmox newbie here. In my PVE server... 1. If the pve-firewall is running (with policy_in: DROP like it says below), why does iptables report no rules (ie: everything is "accepted")? 2. what does 'disabled' mean in pve-firewall status = disabled/running? (systemctl status pve-firewall.service...
  9. Port Forwarding (like DMZ)

    I wrote this to redirect all ports to a single machine, but I don't know if it is working properly. Is it possible to direct the entire port range to a single machine like DMZ Logic? post-up iptables -t nat -A PREROUTING -p tcp --dport 0:8005 -j DNAT --to-destination 192.168.128.185:0-8005...
  10. Container - Destination Port Unreachable

    Hello I setup the third proxmox-machine. There I have network issues. I doublechecked everything, but still didn't find my mistake yet. I'm sure it's just a little thing to fix. On Container: floh@container01:~$ ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. From 10.10.10.1...
  11. No outgoing network connection on private network

    I am trying to set up a private network but seem to be running into a few problems. My network setup is as follows: So I have an LXC set up on vmbr2 with the network config looking as follows: But no outside network :(. I cannot ping 192.168.1.51 from the LXC, only 192.168.3.0/ sub-net...
  12. Multiple IP NAT on one NIC

    Hi guys, I got another problem today. I got a proxmox node (running version 6.1-8) that has got one public IP (let's say A.A.A.A) and one secondary IP (let's say B.B.B.B). I also got a bridge with the internal network 192.16.8.0/24 where every VM gets an IP. Currently my setup is working and I...
  13. Restrict access to a VM (all ports) to a whitelist IP list only

    Hi I am trying to achieve the following: Only a certain list of IPs must be able to access the VM (80, 8080, but, in general all ports). IPs that are not in the list will have their packets DROP/REJECT. The goal is to only allow the access from two physical sites that do have a static IP address...
  14. Proxmox firewall does not take effect via the host's /etc/network/interfaces

    Good day, I have a (hopefully) small problem. I have now created entries for my opened ports in the firewall on the (datacenter) and enabled the firewall there and in the VM itself. Now I would like, for example, the port 1222 routed in the interfaces file (to the...
  15. [SOLVED] OpenVPN into the LAN behind it

    I have a normal Ubuntu VM (not a container) with the standard network card (vmbr0) and OpenVPN installed on it. A VPN connection from my phone works, but I cannot reach the other VMs or the home network. Only the services of the OpenVPN server itself. On the...
  16. Node Firewall Runs on At Every Boot Despite Disabling Via GUI

    I'm a little perplexed as to the expected behavior of disabling the firewall for troubleshooting purposes. I've left the default for the datacenter firewall as NO. And for my node the firewall was shown as on in the GUI so I toggled it to NO. Yet, if I reboot Proxmox and check the firewall status...
  17. [SOLVED] Firewall Default Rules Not Present (Gaia)

    According to the wiki, proxmox comes with some default rules. But iptables -L -xvn shows: Chain INPUT (policy ACCEPT 77651 packets, 15630208 bytes) pkts bytes target prot opt in out source destination 68754 13978100 f2b-proxmox tcp -- * *...
  18. [SOLVED] 1 NIC, 2 public IPs (MAC binding) + pfSense VM HELP!

    Hello all, First time poster here, I've been following Proxmox for a while and now I've set up a VPS in an external provider. My current provider gives me a Supermicro server with only 1 NIC plugged in. I have no control over this as I've already made a ticket to ask my provider to plug another...
  19. Forward Protocol Stack to VM (ipsec/gre/ah/etc.)

    Hello, which is the correct way to forward all protocols for a specific IP directly to a VM? E.g. JUMPERint=192.168.90.10 JUMPER=8.4.2.3 (official IP, public) iptables -t nat ${PARAM} PREROUTING -d ${JUMPER}/32 -p esp -j DNAT --to-destination ${JUMPERint} iptables -t nat ${PARAM} PREROUTING...
  20. [SOLVED] Questions about the PVE firewall

    Hi I am configuring the PVE firewall this afternoon, but I don't get some things. There are firewall rules in Datacenter, in Nodes (the cluster nodes) and in VMs. Is there a cascade working? Eg, are the rules in Datacenter also applicable on the Nodes? When I eg. set a Disable SSH rule in...
