allow ICMP ECHO response to container

matze0211

Jun 3, 2024
Hi,

That's my first post here on the forum, I only installed Proxmox last week and have tested a few things. Sorry if I have missed something.

I have a question about configuring the firewall in the following setup:
Proxmox 8.2.2
Single Node installation

container:
cat /etc/debian_version: 12.5
java -version:
openjdk version "17.0.11" 2024-04-16 LTS
OpenJDK Runtime Environment Zulu17.50+19-CA (build 17.0.11+9-LTS)
OpenJDK 64-Bit Server VM Zulu17.50+19-CA (build 17.0.11+9-LTS, mixed mode, sharing)

Firewall enabled on datacenter, node and within the container at network level as well as in the firewall settings with INPUT drop & OUTPUT accept.

Within the container some Java program is running and trying to execute the InetAddress.isReachable() function. (java doc)
According to the documentation this function is either doing an ICMP ECHO REQUEST or TCP on port 7.

Only with disabled firewall (at the network interface of the container) this is working fine (for testing only, to show that the issue is with the firewall configuration).
With enabled firewall (at the network interface of the container) but disabled firewall (within firewall -> options of the container) this is not working.
Also setting firewall rules on datacenter, node & container level (via a security group, so that on all levels the same rules will apply) will not help. Also setting input policy to ACCEPT on the container (just for testing) the java function is still throwing an exception.

Therefore asking for help, why any firewall rule to allow ICMP traffic / opening TCP port 7 on a container is not working and how to change this.

Thanks in advance,
Matthias
 
You are most likely running into this issue [1], where RST packets get dropped by conntrack if the firewall is active. You could try switching to the nftables implementation where this bug should be fixed (please note that the nftables implementation is still in tech preview).

[1] https://bugzilla.proxmox.com/show_bug.cgi?id=4983
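
To check from inside the container whether a TCP reset actually arrives, the probe below classifies a single connect attempt to port 7. It is an added example, not part of the thread or of Proxmox; the function names are hypothetical, and it assumes the JVM is using the TCP port 7 path and treats a refused connection as "reachable".

```python
import errno
import socket
import sys


def probe_tcp(host, port=7, timeout=2.0):
    """Classify one TCP connect attempt (IPv4).

    "connected"   - handshake completed, something listens on the port
    "refused"     - an RST came back: host is up, port is closed
    "timeout"     - nothing came back: the SYN or the RST reply was dropped
    "unreachable" - the stack reported no route / host unreachable
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "connected"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def counts_as_reachable(result):
    # Assumption: a completed handshake or an RST both prove the host is up,
    # which is how a TCP-based reachability check is expected to decide.
    return result in ("connected", "refused")


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    outcome = probe_tcp(target)
    print(target, outcome, "reachable" if counts_as_reachable(outcome) else "not reachable")
```

A "refused" result with the container firewall off and a "timeout" with it on, against the same target, matches the dropped-RST behaviour described in the reply.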
 
