5 Node Cluster with Ceph, want to activate the Proxmox Firewall

Jan 10, 2023
We have a 5 Node Proxmox Cluster with Ceph and need the Proxmox Firewall. Is Ceph (and all its needed Services) affected by the Firewall, and do we therefore need to make exceptions for it?

We have four different networks: Ceph, Corosync, Cephpub and LAN
 
Yes. Create a new rule on the DC level to allow Ceph traffic before you enable the firewall. There is a Ceph Macro you can choose.
If you want to narrow it down further, you can specify the subnets used for the Ceph Public & Cluster network as the source and target networks.

Aliases can be useful so you only have to define them in one place.

If you access the cluster from a different subnet, add more rules to allow access from it on the ports needed, SSH, TCP 8006, ...

See https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pve_firewall_default_rules for the default rules automatically created.
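The setup described in the reply above, written out as a datacenter-level `/etc/pve/firewall/cluster.fw`. This is an added example, not part of the original reply; the alias names and all subnets are constructed placeholders (documentation ranges) and must be replaced with the cluster's real Ceph public, Ceph cluster and admin networks.

```ini
# /etc/pve/firewall/cluster.fw  (datacenter level)
# Added example: alias names and subnets below are placeholders.

[OPTIONS]
# Leave at 0 while the rules are being staged; switch to 1 only
# once the Ceph and management rules below are in place.
enable: 0

[ALIASES]
# Defined once here, referenced by name in the rules.
ceph_public 192.0.2.0/24 # placeholder: Ceph public network
ceph_cluster 198.51.100.0/24 # placeholder: Ceph cluster network
admin_net 203.0.113.0/24 # placeholder: subnet admins connect from

[RULES]
# Ceph macro, narrowed to traffic that stays inside each Ceph network.
IN Ceph(ACCEPT) -source ceph_public -dest ceph_public # Ceph public traffic
IN Ceph(ACCEPT) -source ceph_cluster -dest ceph_cluster # Ceph cluster traffic

# Management access from a subnet that is not covered by the default rules.
IN SSH(ACCEPT) -source admin_net # SSH
IN ACCEPT -source admin_net -p tcp -dport 8006 # web GUI / API
```

Running `pve-firewall compile` on a node prints the ruleset that would be generated from this file, which makes it possible to check that the Ceph rules are present before setting `enable: 1`.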