iptables

  1. S

    Multiple IP Nat on one NIC

    Hi guys, I got another problem today. I got a proxmox node (running version 6.1-8) that has got one public IP (let's say A.A.A.A) and one secondary IP (let's say B.B.B.B). I also got a bridge with the internal network 192.16.8.0/24 where every VM gets an IP. Currently my setup is working and I...
  2. A

    Restrict access to a VM (all ports) to a whitelist IP list only

    Hi, I am trying to achieve the following: Only a certain list of IPs must be able to access the VM (80, 8080, but, in general all ports). IPs that are not in the list will have their packets DROP/REJECT. The goal is to only allow the access from two physical sites that do have a static IP address...
  3. D

    Proxmox firewall does not take effect for the host's /etc/network/interfaces

    Good day, I have a (hopefully) small problem. I have now created entries for my opened ports in the firewall on the (datacenter) and enabled the firewall there and in the VM itself. Now I would like, for example, the port 1222 routed in the interfaces file (to the...
  4. P

    [SOLVED] OpenVPN into the LAN behind it

    I have a normal Ubuntu VM (not a container) with the standard network card (vmbr0) and OpenVPN installed on it. A VPN connection from my phone works, but I cannot reach the other VMs or the home network. Only the services of the OpenVPN server itself. On the...
  5. G

    Node Firewall Runs on At Every Boot Despite Disabling Via GUI

    I'm a little perplexed as to the expected behavior of disabling the firewall for troubleshooting purposes. I've left the default for the datacenter firewall as NO. And for my node the firewall was shown as on in the GUI so I toggled it to NO. Yet, if I reboot Proxmox and check the firewall status...
  6. Proxygen

    [SOLVED] Firewall Default Rules Not Present

    According to the wiki, proxmox comes with some default rules. But iptables -L -xvn shows: Chain INPUT (policy ACCEPT 77651 packets, 15630208 bytes) pkts bytes target prot opt in out source destination 68754 13978100 f2b-proxmox tcp -- * *...
  7. D

    [SOLVED] 1 NIC, 2 public IPs (MAC binding) + pfSense VM HELP!

    Hello all, First time poster here, I've been following Proxmox for a while and now I've set up a VPS in an external provider. My current provider gives me a Supermicro server with only 1 NIC plugged in. I have no control over this as I've already made a ticket to ask my provider to plug another...
  8. T

    Forward Protocol Stack to VM (ipsec/gre/ah/etc.)

    Hello, which is the correct way to forward all protocols for a specific IP directly to a VM? E.g. JUMPERint=192.168.90.10 JUMPER=8.4.2.3 (official IP, public) iptables -t nat ${PARAM} PREROUTING -d ${JUMPER}/32 -p esp -j DNAT --to-destination ${JUMPERint} iptables -t nat ${PARAM} PREROUTING...
  9. K

    [SOLVED] Questions about the PVE firewall

    Hi I am configuring the PVE firewall this afternoon, but I don't get some things. There are firewall rules in Datacenter, in Nodes (the cluster nodes) and in VMs. Is there a cascade working? Eg, are the rules in Datacenter also applicable on the Nodes? When I eg. set a Disable SSH rule in...
  10. S

    Firewall Rules for Specific Virtual Machines and Linux Containers Affecting VMs with no Firewall

    I have a Node with about 30 Virtual Machines and 3 Linux Containers. Some VMs have firewalls enabled, and some do not. The firewalls for the enabled machines work as would be intended. However, on occasion, when two Virtual Machines try to establish a connection with each other, a REJECT rule...
  11. A

    Proxmox 5.2 network issues

    Hi there! I've installed successfully a fresh Proxmox (pve-manager: 5.2-9 kernel: 4.15.18-pve). I downloaded the ISO from the official website and installed it from a CD. THE PROBLEM: I'm not able to: Display the Admin-GUI via HTTPS <my-ip>:8006. (I get a "took too long to respond" message on...
  12. J

    container cannot ping the world

    Hi everyone; When I activate the firewall at the cluster level 1. I have to open port 22 and 8006 unless I lose connection; (which apparently is not supposed to happen) 2. my containers are unable to communicate with the world. but as soon as I disable the firewall everything is fine. - I is Proxmox...
  13. A

    Firewall slow down response network time

    Hello friends, PVE setup information: Cluster: 3 nodes PVE Version: pve-manager/5.2-8 Kernel: 4.15.18-4 Recently I had activated the firewall in my data center, to allow VPS users to be able to set up their own rules. What happened next is that I can notice a slow response of the network...
  14. T

    [SOLVED] VE5.2 on Kimsufi with only one IP

    Has anyone done this already? I never got it running on my test box from VE5 onward (older VEs worked). I would be very grateful for tips (or even tutorials). It will run 2 VMs, of which only one needs to be reachable from outside via a single port. Edit: I think I got it working!
  15. M

    Where Are The Default Firewall Rules At?

    Hello Everyone, According to the Wiki: "If you enable the firewall, traffic to all hosts is blocked by default. Only exceptions is WebGUI(8006) and ssh(22) from your local network." My question is, where are the configuration files for these two rules (WebGUI and SSH)? I checked in...
  16. X

    Is it possible to provide a web interface nat management channel?

    I think that it is too cumbersome to edit the network card file every time you add the nat rule. Can you add the iptables nat rule of the web interface in future versions to manage or provide the network card file modification channel or other means to simplify the nat port rule configuration...
  17. L

    Access hosts external IP from NATed container

    Hi, I always worked around this problem, but now I'm just tired of it and want to do it right. My containers have IP and internet connection like this: https://pve.proxmox.com/wiki/Network_Model#Masquerading_.28NAT.29_with_iptables Let's say 10.10.10.100 is a mail server, and 10.10.10.200 is a...
  18. C

    firewall changed to ebtables

    Hi everyone, I am running pve 5.1-42 proxmox-ve: 5.1-42 (running kernel: 4.13.16-2-pve) pve-manager: 5.1-51 (running version: 5.1-51/96be5354) pve-kernel-4.13: 5.1-44 pve-kernel-4.13.16-2-pve: 4.13.16-47 pve-kernel-4.13.16-1-pve: 4.13.16-46 pve-kernel-4.13.13-6-pve: 4.13.13-42...
  19. J

    [SOLVED] How to enable firewall on a VM?

    I'm running PVE 4.4-22 and want to enable the firewall on one of my VMs so that it drops all but some ports on its WAN network interface. Using the GUI, I have enabled the firewall on the datacenter, at node 'host' and on the VM. The input policy on the VM is DROP. I have also enabled the...
  20. F

    firewall log prefix not works

    Hi. I use Proxmox 4.3-1 version. early I created iptables firewall and used it on lots of servers. There are some rules and the bottom lines are like that : -A INPUT -j LOG_DROP -A LOG_DROP -j LOG --log-prefix --DROP--: -A LOG_DROP -j DROP It's very easy. I use it on LVM that is on proxmox...
