The only solution is to put a proxy in front of pmg web interface ad doing the filtering of url from it
Change Port from 8006 to 443
- Thread starter Florian Bauer
- Start date
Hi Davide,
Yes it was the way to go in this case. And is working perfectly with HAproxy.
Thanks
Thank you all of you for the above code, it also helped me to switch to default port 443. I also tweaked the above code to make it easier to do it using the interfaces file
I added
Code:
auto vmbr0
iface vmbr0 inet dhcp
bridge-ports enx70886b82dd62
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A PREROUTING -p tcp -d 192.168.1.6 --dport 443 -j REDIRECT --to-ports 8006
post-up ip6tables -t nat -A PREROUTING -p tcp -d fd00::6 --dport 443 -j REDIRECT --to-ports 8006I added
-d 192.168.1.6 and -d fd00::6 to the firewall code because all the VMs were using the SSL certificate of proxmox and were giving me errors, now all the VMs are perfectly displaying their own SSL certificates.
Last edited:
Necrobump, but kudos and thanks to @saud for this idea - I've implemented it in a more flexible (and automatic) manner in my proxmox playbook.
https://forum.proxmox.com/threads/tip-remap-port-8006-to-443-in-iptables-automatically.120713/
This will redirect any traffic on all interfaces, so it will end up breaking your VM's.
I figured this out after pulling my hair out, when a VM was having issues with wget/curl on port 443.
Last edited:
The code to automatically do this is already written, and exists at https://github.com/xrobau/ansible-proxmox-host/blob/master/roles/proxmox-base/files/fix-port-8006.sh
Simply add that as a post-up command to the interface you want to remap, and everything else is done for you. No configuration needed.
Simply add that as a post-up command to the interface you want to remap, and everything else is done for you. No configuration needed.
Thanks, I've instituted something similar. I just wanted to post my experience if someone else stumbles here with the same wget/curl 443 issues after blindly copying and pasting the iptables rule.
Right now, I've got a 1000+ line zsh script for setting up a Proxmox host. I've used Ansible but have been shy about using it for single deployments that I don't fully manage. How's it working for you? Are you also using Ansible to deploy a template and clone new hosts? This might not be the best avenue to hear your thoughts, but I am open to moving this discussion to a chat platform.
Here is my interfaces file with IPv4 and IPv6 config
Code:
auto vmbr0
allow-hotplug vmbr0
iface vmbr0 inet dhcp
gateway 192.168.1.6
bridge-ports eno1
bridge-stp off
bridge-fd 0
post-up iptables -t nat -A PREROUTING -p tcp -d 192.168.1.6 --dport 443 -j REDIRECT --to-ports 8006
iface vmbr0 inet6 dhcp
gateway fd00::1
post-up ip6tables -t nat -A PREROUTING -p tcp -d fd00::6 --dport 443 -j REDIRECT --to-ports 8006
Last edited:
on bookworm, debian 12, nftables replaces iptables. so i used
Code:
nft add table nat
nft 'add chain nat prerouting { type nat hook prerouting priority -100; }'
nft add rule nat prerouting tcp dport 443 redirect to 8006I had this for both IPv4 and IPv6
Code:
nft add table ip nat
nft 'add chain ip nat prerouting { type nat hook prerouting priority -100; }'
nft 'add rule ip nat prerouting ip daddr 10.88.88.6 tcp dport { 443 } dnat 10.88.88.6:8006'
nft add table ip6 nat
nft 'add chain ip6 nat prerouting { type nat hook prerouting priority -100; }'
nft 'add rule ip6 nat prerouting ip6 daddr [fd88::6] tcp dport 443 dnat to [fd88::6] :8006'
Last edited:
OK, i have to ask, why :8006?
- because it allows running a different page-set on 443?
- security through obscurity? if that, i would expect it to bind only to localhost by default.
- something i have not considered?
I think Proxmox should start using the default port 443 since Proxmox runs on its own IP address so there is no need to use port 8006.