custom firewall inside ct breaks console access ?

[W.Rusman]

Hello,

yesterday we migrated a lxc container from an ubuntu lxc server and despite the fact that it started fine and everything seemed to work ok we were not able to access the console via any proxmox methods.

Eventually we disabled the firewall inside the ct via file access to the ct content and after that we were able to get console access.

How does the process of console access with proxmox and lxc-connect relate to firewall rules for network traffic ?

 

[oguz]

yesterday we migrated a lxc container from an ubuntu lxc server and despite the fact that it started fine and everything seemed to work ok we were not able to access the console via any proxmox methods.

Which firewall did you install and how did you configure it exactly?

What kind of error message did you get when trying to access the console? (timeout, connection refused etc.)

Were you able to enter the container with

pct enter CTID

How does the process of console access with proxmox and lxc-connect relate to firewall rules for network traffic ?

It shouldn't be affected... I'm also not quite sure what you mean with 'lxc-connect'?

 

[W.Rusman]

It is a custom script which sets various iptables settings.
as for lxc-connect, this was a typo and was ment to be lxc-console ;-)

I will try the pct command, we only tried to connect via the web interface which yielded the following error when the firewall script was enabled :

timed out waiting for client
TASK ERROR: command '/usr/bin/termproxy 5900 --path /vms/107 --perm VM.Console -- /usr/bin/ssh -e none -t xxx.xxx.xx.xxx -- /usr/bin/dtach -A /var/run/dtach/vzctlconsole107 -r winch -z lxc-console -n 107 -e -1' failed: exit code 4