[SOLVED] Firewall does not seem to be applied to VM

[be_tnt]

Hello!

I just installed a centos 8.1 VM on a proxmox 6.1-8 (zfs). I have enabled the firewall in which I have 3 rules (2 sshs - old and new port - and one for ping).



In Firewall options:



but on my VM:

[root@gandalf ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

I would expect to see the rules here, no?
If I disable the ssh rule - port 22, it works (ssh is configured on port 22).

If I changed the ssh port to 8181 and restart the service, I can not connect anymore to my VM (except via the console).

What did I miss?

Thx!

 

[spirit]

do you have enable firewall on vm nic interface too ? (and do you have enable firewall at datacenter level too ?)

 

[be_tnt]

yes for the VM NIC:



and for the datacenter:

 

[spirit]

the iptables rules are applied on the host, not inside the vm !

 

[be_tnt]

That's quite strange as ssh port 22 is disabled on the host (and 8181 is opened). But on VM, I can connect on ssh 22 but not on 8181.

 

[spirit]

vm rules && host rules (configured at datacenter level or host level) are not related.
(vm rules are in host iptables FORWARD rules, && host rules are in host iptables INPUT/OUTPUT rules).

Simply do an "iptables-save" on proxmox host, you should see rules for vms && for hosts;

 

[be_tnt]

Thx Spirit.

I finally found that the problem was not related to the Proxmox firewall but to the centos 8.1 firewalld. I just had to add the 8181 port to make it work.


Thx for your help!