Hi everyone,
we are running Proxmox Virtual Environment 8.4.14 with a 3-node cluster, and we need to configure firewall rules for ports 22 and 8006 on the physical nodes.
We tried enabling and configuring the Datacenter Firewall, but after turning it on we started experiencing packet loss between virtual machines. The strange behavior we observe:
- Packets from VM1 → router → VM2 leave VM1 correctly.
- The router forwards the return packets back to VM1.
- However, VM2 never receives the packets, even though the router does send them.
We did not modify the firewall on the VMs or the hosts themselves. The issue appeared only after enabling the Datacenter firewall. After troubleshooting we ended up with the following configuration:
Actual firewall setup:
[hostmachine ~]# cat /etc/pve/firewall/cluster.fw
[OPTIONS]
policy_in: ACCEPT
ebtables: 0
enable: 0
[ALIASES]
admin xxx/24 # Admin Zone
lbint xxx/24 # LB Ingress INT
lbtda xxx/24 # LB Ingress ACC
custom xxx/24 # User Zone
monitoring xxx/24 # Monitoring Zone
[RULES]
IN ACCEPT -source dc/lbtda -p tcp -dport 8006 -log nolog
IN ACCEPT -source dc/monitoring -p tcp -dport 8006 -log nolog
IN ACCEPT -source dc/admin -p tcp -dport 8006 -log nolog
IN ACCEPT -source dc/custom -p tcp -dport 8006 -log nolog
IN ACCEPT -source dc/monitoring -p tcp -dport 9100 -log nolog
IN ACCEPT -source dc/admin -p tcp -dport 10050 -log nolog
IN ACCEPT -source dc/admin -p tcp -dport 22 -log nolog
IN ACCEPT -source dc/custom -p tcp -dport 22 -log nolog
[hostmachine ~]# cat /etc/pve/nodes/hostmachine/host.fw
[OPTIONS]
tcp_flags_log_level: debug
log_level_in: debug
smurf_log_level: debug
enable: 0
log_level_forward: debug
nosmurfs: 0
log_level_out: debug
[RULES]
IN ACCEPT -source dc/custom -log debug
|IN ACCEPT -source dc/admin -log debug
IN ACCEPT -source dc/monitoring -log debug
IN ACCEPT -source dc/lbtda -log debug
FORWARD ACCEPT -log debug
OUT ACCEPT -log debug
IN DROP -log debug
[hostmachine ~]# cat /etc/pve/firewall/294.fw
[OPTIONS]
policy_in: ACCEPT
enable: 0
log_level_in: nolog
log_level_out: nolog
Question
Has anyone encountered similar behavior where VM-to-VM traffic starts dropping when the Datacenter firewall is enabled, even with permissive rules? Are we missing some global setting or interaction between Datacenter and node-level rules? Any pointers or ideas would be greatly appreciated.
Thanks!
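As an added example (not from the original post or the Proxmox project), a small Python parser for the pve-firewall file format shown above: it reads cluster.fw and host.fw, resolves the dc/ alias references against the datacenter [ALIASES], tells active rules from ones disabled with a leading `|`, and lists which sources may reach each TCP port. The sample files and their addresses are constructed stand-ins for the redacted xxx/24 values.

```python
# Constructed samples modelled on the posted cluster.fw / host.fw; addresses are placeholders.
CLUSTER_FW = """[OPTIONS]
enable: 0
[ALIASES]
admin 10.0.1.0/24 # Admin Zone
[RULES]
IN ACCEPT -source dc/admin -p tcp -dport 8006 -log nolog
IN ACCEPT -source dc/custom -p tcp -dport 22 -log nolog
"""
HOST_FW = """[RULES]
|IN ACCEPT -source dc/admin -log debug
"""
def parse_fw(text):
    """Return {'OPTIONS', 'ALIASES', 'RULES'}; '#' comments are stripped, '|' = disabled rule."""
    cfg, section = {"OPTIONS": {}, "ALIASES": {}, "RULES": []}, None
    for line in filter(None, (raw.split("#", 1)[0].strip() for raw in text.splitlines())):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].split()[0].upper()     # [IPSET name] -> IPSET
        elif section == "OPTIONS":
            key, _, val = line.partition(":")
            cfg["OPTIONS"][key.strip()] = val.strip()
        elif section == "ALIASES":
            name, cidr = line.split()[:2]
            cfg["ALIASES"][name] = cidr
        elif section == "RULES":
            parts = line.lstrip("|").split()
            rule = {"dir": parts[0], "action": parts[1], "disabled": line[0] == "|"}
            rule.update((f.lstrip("-"), v) for f, v in zip(parts[2::2], parts[3::2]))
            cfg["RULES"].append(rule)
    return cfg

def tcp_port_sources(cfg):  # active 'IN ACCEPT -p tcp' rules -> {dport: {allowed sources}}
    out = {}
    for r in cfg["RULES"]:
        if not r["disabled"] and (r["dir"], r["action"], r.get("p")) == ("IN", "ACCEPT", "tcp"):
            out.setdefault(r.get("dport", "any"), set()).add(r.get("source", "any"))
    return out

def audit(cluster, host):
    """Flag enable != 1, dc/ aliases missing from cluster.fw, and '|'-disabled rules."""
    findings = []
    for name, cfg in (("cluster", cluster), ("host", host)):
        if cfg["OPTIONS"].get("enable", "0") != "1":
            findings.append(f"{name}: enable is not 1, its rules are not applied")
        for r in cfg["RULES"]:
            src = r.get("source", "any")
            if src.startswith("dc/") and src[3:] not in cluster["ALIASES"]:
                findings.append(f"{name}: alias {src} is not defined in cluster.fw")
            if r["disabled"]:
                findings.append(f"{name}: disabled rule {r['dir']} {r['action']} from {src}")
    return findings
```

Run it against the real files under /etc/pve to see at a glance which rules are actually live; the ruleset the daemon would load on a node can be compared with `pve-firewall compile`.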