Best practice to secure single hypervisor colocated

mylesw

Renowned Member
Feb 10, 2011
81
3
73
I have to install a single server at a colocated facility, and it will be running PM 5.2. I need to be able to restrict the IP addresses that can access the hypervisor, but I cannot put the server behind an external firewall as the provider is only giving me 1U and 5 network IPs. Is there a best practice for doing this on the hypervisor, so that only nominated IP addresses are able to get to a login on either the web management console or SSH?

Something that won't be overwritten with subsequent software updates, etc.?

Thanks in advance for any suggestions.

Myles
 
you can use iptabels

Yes, but wouldn't that be overwritten with a PM upgrade later? And also I need to be able to not have the virtual bindings to the network ports not be affected by iptables. Only access to the management of the server should be affected. Not sure how to achieve that if iptables is restricting the entire NIC itself. I only get one cat 6 drop into that server, so everything is done on the one NIC.
 
iptables you can set destination ip

I don't understand. What rules are you referring to? How can I restrict the NIC and not have that subjected to the virtual hosts on that box? I need the virtual hosts to be unencumbered, but only the management network be restricted. And it all has to be done on one NIC. Your answer gives absolutely no details on how to do this, so I doubt you are correct. Please explain.
 
Hi, I have just gone through and I can say IPtables is very flexible you can do a lot really! But I wonder if a properly configured IPtables is as secure as something like Pfsense or other hardware firewall
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!