iptables

  1. Proxygen

    [SOLVED] Firewall Default Rules Not Present

    According to the wiki, proxmox comes with some default rules. But iptables -L -xvn shows: Chain INPUT (policy ACCEPT 77651 packets, 15630208 bytes) pkts bytes target prot opt in out source destination 68754 13978100 f2b-proxmox tcp -- * *...
  2. D

    [SOLVED] 1 NIC, 2 public IPs (MAC binding) + pfSense VM HELP!

    Hello all, First time poster here, I've been following Proxmox for a while and now I've set up a VPS in an external provider. My current provider gives me a Supermicro server with only 1 NIC plugged in. I have no control over this as I've already made a ticket to ask my provider to plug another...
  3. T

    Forward Protocol Stack to VM (ipsec/gre/ah/etc.)

    Hello, which is the correct way to forward all protocols for a specific IP directly to a VM? E.g. JUMPERint=192.168.90.10 JUMPER=8.4.2.3 (official IP, public) iptables -t nat ${PARAM} PREROUTING -d ${JUMPER}/32 -p esp -j DNAT --to-destination ${JUMPERint} iptables -t nat ${PARAM} PREROUTING...
  4. K

    [SOLVED] Questions about the PVE firewall

    Hi I am configuring the PVE firewall this afternoon, but I don't get some things. There are firewall rules in Datacenter, in Nodes (the cluster nodes) and in VMs. Is there a cascade working? Eg, are the rules in Datacenter also applicable on the Nodes? When I eg. set a Disable SSH rule in...
  5. S

    Firewall Rules for Specific Virtual Machines and Linux Containers Affecting VMs with no Firewall

    I have a Node with about 30 Virtual Machines and 3 Linux Containers. Some VMs have firewalls enabled, and some do not. The firewalls for the enabled machines work as would be intended. However, on occasion, when two Virtual Machines try to establish a connection with each other, a REJECT rule...
  6. A

    Proxmox 5.2 network issues

    Hi there! I've installed successfully a fresh Proxmox (pve-manager: 5.2-9 kernel: 4.15.18-pve). I downloaded the ISO from the official website and installed it from a CD. THE PROBLEM: I'm not able to: Display the Admin-GUI via HTTPS <my-ip>:8006. (I get a "took too long to respond" message on...
  7. J

    container cannot ping the world

    Hi everyone; When I activate the firewall at the cluster level 1. I have to open port 22 and 8006 unless I lose connection; (which apparently is not supposed to happen) 2. my containers are unable to communicate with the world. but as soon as I disable the firewall everything is fine. - I is Proxmox...
  8. A

    Firewall slow down response network time

    Hello friends, PVE setup information: Cluster: 3 nodes PVE Version: pve-manager/5.2-8 Kernel: 4.15.18-4 Recently I had activated the firewall in my data center, to allow VPS users to be able to set up their own rules. What happened next is that I can notice a slow response of the network...
  9. T

    [SOLVED] VE5.2 on Kimsufi with only one IP

    Has anyone done this already? I never got it to work on my test box from VE5 onward (older VEs worked). I would be very grateful for tips (or even tutorials). 2 VMs will be running, of which only one needs to be reachable from outside via a single port. Edit: I think I've done it!
  10. M

    Where Are The Default Firewall Rules At?

    Hello Everyone, According to the Wiki: "If you enable the firewall, traffic to all hosts is blocked by default. Only exceptions is WebGUI(8006) and ssh(22) from your local network." My question is, where are the configuration files for these two rules (WebGUI and SSH)? I checked in...
  11. X

    Is it possible to provide a web interface nat management channel?

    I think that it is too cumbersome to edit the network card file every time you add the nat rule. Can you add the iptables nat rule of the web interface in future versions to manage or provide the network card file modification channel or other means to simplify the nat port rule configuration...
  12. L

    Access hosts external IP from NATed container

    Hi, I always worked around this problem, but now I'm just tired of it and want to do it right. My containers have IP and internet connection like this: https://pve.proxmox.com/wiki/Network_Model#Masquerading_.28NAT.29_with_iptables Let's say 10.10.10.100 is a mail server, and 10.10.10.200 is a...
  13. C

    firewall changed to ebtables

    Hi everyone, I am running pve 5.1-42 proxmox-ve: 5.1-42 (running kernel: 4.13.16-2-pve) pve-manager: 5.1-51 (running version: 5.1-51/96be5354) pve-kernel-4.13: 5.1-44 pve-kernel-4.13.16-2-pve: 4.13.16-47 pve-kernel-4.13.16-1-pve: 4.13.16-46 pve-kernel-4.13.13-6-pve: 4.13.13-42...
  14. J

    [SOLVED] How to enable firewall on a VM?

    I'm running PVE 4.4-22 and want to enable the firewall on one of my VMs so that it drops all but some ports on its WAN network interface. Using the GUI, I have enabled the firewall on the datacenter, at node 'host' and on the VM. The input policy on the VM is DROP. I have also enabled the...
  15. F

    firewall log prefix not works

    Hi. I use Proxmox 4.3-1 version. Earlier I created an iptables firewall and used it on lots of servers. There are some rules and the bottom lines are like that : -A INPUT -j LOG_DROP -A LOG_DROP -j LOG --log-prefix --DROP--: -A LOG_DROP -j DROP It's very easy. I use it on LVM that is on proxmox...
  16. C

    iptables FORWARD chain shows no traffic in 5.1-38

    Hi there I've noticed a change between two proxmox versions. In newer ones, no traffic is passing through the FORWARD chain (e.g. iptables -L FORWARD -vxn shows 0 packets 0 bytes) proxmox-ve: 5.1-38 (running kernel: 4.13.13-5-pve) pve-manager: 5.1-43 (running version: 5.1-43/bdb08029)...
  17. A

    Proxmox 5.1 - containers / VMs cannot communicate with each other using the public IP

    Hello, I have Dedicated Server on Hetzner with a single NIC and a single public IP on it. There are quite a few discussions about setting up Proxmox networking in such a situation. Specifically, I have followed the following guides: forum <dot> proxmox <dot>...
  18. B

    Block all ports inbound

    Hi everyone, I'm planning to put a proxmox server directly on the internet so am locking the box down heavily. My aim is to only have ssh open (where I can use 2fa and ssh keys to ensure security) and then block all other ports and do ssh port forwarding to access the proxmox web UI. I found...
  19. C

    Proxmox Firewall not working

    Hey everyone, I've just installed Proxmox VE 4.4 and everything works fine. I enabled the Proxmox Firewall on every Level (Datacenter, controller node and VM) and it doesn't do anything. If I block everything (Input, DROP, etc...) and/or block specific macros it doesn't affect the VM. The...
  20. A

    Proxmox on the LAN: access to a VM from outside

    I have a KVM box at home and now want to set up two networks via a bridge. That works so far, but I would also like to be able to access one network from outside. I can already get out. interfaces Code: auto lo iface lo inet loopback auto eth0 iface eth0 inet manual auto vmbr0 iface...
