ATTENTION: Firewall and KVM Routing

Virtualizer

Active Member
Dec 19, 2011
90
5
28
Possible many users search about problems with KVM can not communicate to outside. A ping to inside is running, but a ping to outside not! We have search about this many hours!

A blocking will going on, when:

Firewall for the KVM machine is DISABLED <<<< NOT UNDERSTANDABLE WHY !!!

but when IP-Filter in Options is ENABLED

and in Hardware the IP-Network-Card is Firewall ENABLED

and an IP-Filter in the card is not set or possible wrong!

So, every communcation is blocked equal the Firewall is in option enabled or disabled, when other settings are wrong! But I was the meaing, that in Option the Setting Firewall is the main switch, but this is wrong!

To resolve the problems, you can:

disable the Firewall in the Hardware - Network-Card OR
disable in Options the Setting IP-Filter

A other bug is, that you cant check the ipfilter via:

create under IP-Sets an IPSet with name ipfilter-eth0 and inside add the IP of the KVM machine!

So, the best resolution in moment is only, to disable IP-Filter in Options
 
Your post and description of the behavior is quite confusing - at least for me - and it looks like you did just a wrong configuration.

If you really think there is a bug, please report it via:

https://bugzilla.proxmox.com
 
Tom, we can see this problem on 3 hosts! When firewall is enabled in KVM on the NIC / and IP-Filter is enabled in Firewall Options for the KVM and Firewall in Options for the KVM is disbabled, the Firewall block the outgoing traffic! As I have written, when nothing is set in IP-Sets! So can everybody check this too?
 
the question is: why do you think this is a bug?
 
Why ipfilter filter the traffic, when firewall is off? For my understand the ipfilter is included in the firewall! Otherwise thats an missunderstanding about the flag firewall in hardware options too. For me the understanding is: Is the firewall in the options disabled, then all traffic will been go direct arround the firewall and not throu the firewall!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!