iptables

Hi! There is a Netflow/IPFIX package for iptables in the base Debian12, but not compatible with the pve8 kernel 6.x Is there any way to make it to work? https://bugs.launchpad.net/ubuntu/+source/iptables-netflow/+bug/2023306 $> aptitude search netflow p iptables-netflow-dkms...

Hi, since switching to Proxmox VE 8 Postrouting SNAT (Unfortunately I must use NAT) in combination with the Proxmox Firewall is not working anymore even with conntrack zones enabled. In Proxmox VE 7 it worked after adding post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1...

Hey guys, I just finished setting up Proxmox VE on my hosted cloud server and I was curious if I will absolutely need to have additional IPs for many of my web-facing services\containers? The reason I ask is that my current host doesn't have any available and probably won't for a few months...

Hi everyone, I have a proxmox on a dedicated server that has a public ip on the WAN side and I created a DMZ to a virtual machine inside it, I noticed that everything passes except the gre protocol. Can you give me a hand please? Below I put the configuration of the interfaces: auto lo iface lo...

Hello, I have problems doing a NAT. I have a dedicated Hetzner with only 1 public IP. Install Proxmox and create a vmbr0 with the data of the public ip then create a mvbr1 with the ip 192.168.10.1 Then create my CT, with the ip 192.168.10.100 Install a Web Server in my CT. and on my private...

I've been hitting my head to the brick wall that is iptables inside a Debian 11.3 container in Proxmox. I cannot seem to get it to block anything and there seems to be some contradicting discussions about if iptables should even work inside LXC. I do use Proxmox firewall as well, and it is...

Hi, I'm trying to achieve following: I want everything, what comes in with TCP protocol, will be natted to 10.10.100.1 except: - Source IP 100.100.100.1 to destination port 22, 8006 - Source IP 100.100.100.2 to destination port 22, 8006 - Source IP 100.100.100.3 to destination port 22, 8006 -...

Hello everyone I have a custom firewall rule for a few VMs that I can't enter in the GUI. The most elegant way would be to load it directly at startup by "post-up" in the /etc/network/interfaces file. The rule looks like this: ip6tables --insert tap181i0-IN -m mac ! --mac-source...

Hello everyone, I'm trying to make my own router/firewall with OPNsense as a VM in Proxmox. What's not clear to me is if I can let OPNsense connect to the internet directly, or if that put Proxmox at risk and thus I should add the Proxmox Firewall to be safe? In both cases Proxmox will be...

Hi, I'm trying to learn a bit more in-depth about networking in Proxmox in order to diagnose some connection issues I'm having. I thought maybe to just get confirmed how I believe packets are processed when sent to a container or VM. Say I have a host with a single public IP and some guests. I...

Hello guys, as I'm having a pretty tough time to get one of the services (BigBlueButton) to work I would like to try the deployment with a 1:1 NAT in iptables. Long story short, I have a virtualised opnesense/pfsene, tried really everything in there (1:1Nat), port forwardings, different reverse...

This is 4th try after getting no responses from Stack Exchange sites [1, 2, 3] and I've been fighting with this issue for ~2 weeks. I really hope someone can help me with this issue. --- I have a setup like this (this diagram is also available here): I'm running a single PVE host in my...

Hello. I have a NAS directly connected to my Proxmox machine, which forwards all NFS traffic via iptables to the NAS (I can't directly connect the NAS per our system policy). I can connect to the NFS share from every other machine on our network but not from ProxMox or the VMs running on it...

Hi, I'm not sure if I asked the question already, checked but cannot find in my posts. Basically I have some custom iptables rules per VM/adapter and I do logging. These logs go into the main node logs instead of the VM Firewall logs. /sbin/iptables -N ... /sbin/iptables -A ... -m limit...

Preface Hi together, this thread is highly connected to the issue I explained here: Connected issue I think it has the same root cause but since I got no answer there I tried to narrow down the problem, reframe it. So now I have a different symptom that is based on a more "common" scenario, that...

Hi everybody, I am struggeling with a problem where I did not figure out yet if it is a "basic" networking problem or something that has to do with my SDN configuration. The setup is the following: I have two VEs (192.168.2.10 and .11) coupled as a cluster. Within this cluster there is an...

I am trying to port foward HTTP:80 to IP: 24.12.3.250 I can access my website from 24.12.4.250 since it on the internal network shown below, but when its time to access it from outside the private network I can't access it. (The unnamed router at the top is my home network with the subnet...

Hello, I'm experiencing a pretty strange connection issue when connected to the second vpn VM (wireguard). I got two proxmox nodes, each do have a VM with wireguard, a VM with a dns server, a VM with traefik proxy, both nodes have the same etc/network/interfaces files. Both wireguard VMs are...

This is my current network setup on host one (vm01). I have a public network available over vmbr0 and a private network connected to a nic over vmbr1 (used for cluster traffic and VM private network via a vlan). Now I want to NAT the vlan onto vmbr0 so that the vms can have limited internet...

I have the current setup, which after two days of trying should be correct. I can't get the iptables nat config to redirect traffic from either my vlan or the interface vmbr1 at all. At this point I can't see any other option... auto lo iface lo inet loopback iface enp2s0f0 inet manual iface...