Firewall logs do not appear in the VM

jordan_dig

New Member
Feb 9, 2023
26
1
3
Hello,

I hope you don't mind me reaching out, but I've set up a security group with rules that log as "info." However, these logs only appear in the node's logs and not in the VMs' logs. If you have any ideas for debugging, I'd greatly appreciate it.
 
Last edited:
Hi,

Can you please provide us with the Firewall config on the VM?

Bash:
cat /etc/pve/firewall/<VMID>.fw
 
Hi,

Can you please provide us with the Firewall config on the VM?

Bash:
cat /etc/pve/firewall/<VMID>.fw
Hello
Thanks for your reply,
This is my config :

Code:
[OPTIONS]


policy_in: ACCEPT
log_level_out: info
log_level_in: info
enable: 1


[RULES]


GROUP drop-prod-vm
GROUP drop-dhcp-range
 
Last edited:
Thank you for the output!

I deleted your thread.


Reading the Firewall logs, I would check security groups (drop-prod-vm, and drop-dhcp-range) if they are correcly configured and set the log to `info` as well.
 
  • Like
Reactions: jordan_dig
Thank you for the output!

I deleted your thread.


Reading the Firewall logs, I would check security groups (drop-prod-vm, and drop-dhcp-range) if they are correcly configured and set the log to `info` as well.
Hello,
Thanks for your reply,
This is my check security groups config :Capture d’écran 2024-08-19 à 11.18.15.pngCapture d’écran 2024-08-19 à 11.18.23.png
 
Last edited:
ALL CONFIG
 

Attachments

  • Capture d’écran 2024-08-19 à 13.43.07.png
    Capture d’écran 2024-08-19 à 13.43.07.png
    109.3 KB · Views: 6
  • Capture d’écran 2024-08-19 à 13.41.08.png
    Capture d’écran 2024-08-19 à 13.41.08.png
    65.6 KB · Views: 6
  • Capture d’écran 2024-08-19 à 13.41.22.png
    Capture d’écran 2024-08-19 à 13.41.22.png
    76 KB · Views: 4
  • Capture d’écran 2024-08-19 à 13.42.32.png
    Capture d’écran 2024-08-19 à 13.42.32.png
    63 KB · Views: 4
  • Capture d’écran 2024-08-19 à 13.42.40.png
    Capture d’écran 2024-08-19 à 13.42.40.png
    53.9 KB · Views: 4
  • Capture d’écran 2024-08-19 à 13.42.47.png
    Capture d’écran 2024-08-19 à 13.42.47.png
    60 KB · Views: 5
veversion -v
proxmox-ve: 8.2.0 (running kernel: 6.8.8-4-pve)
pve-manager: 8.2.4 (running version: 8.2.4/faa83925c9641325)
proxmox-kernel-helper: 8.1.0
proxmox-kernel-6.8: 6.8.12-1
proxmox-kernel-6.8.12-1-pve-signed: 6.8.12-1
proxmox-kernel-6.8.8-4-pve-signed: 6.8.8-4
proxmox-kernel-6.5.13-6-pve-signed: 6.5.13-6
proxmox-kernel-6.5: 6.5.13-6
proxmox-kernel-6.5.11-8-pve-signed: 6.5.11-8
ceph-fuse: 18.2.2-pve1
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx9
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-4
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.5.1
libproxmox-backup-qemu0: 1.4.1
libproxmox-rs-perl: 0.3.3
libpve-access-control: 8.1.4
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.0.7
libpve-cluster-perl: 8.0.7
libpve-common-perl: 8.2.2
libpve-guest-common-perl: 5.1.4
libpve-http-server-perl: 5.1.0
libpve-network-perl: 0.9.8
libpve-rs-perl: 0.8.9
libpve-storage-perl: 8.2.3
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-1
lxcfs: 6.0.0-pve2
novnc-pve: 1.4.0-3
proxmox-backup-client: 3.2.7-1
proxmox-backup-file-restore: 3.2.7-1
proxmox-firewall: 0.5.0
proxmox-kernel-helper: 8.1.0
proxmox-mail-forward: 0.2.3
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.6
proxmox-widget-toolkit: 4.2.3
pve-cluster: 8.0.7
pve-container: 5.1.12
pve-docs: 8.2.3
pve-edk2-firmware: 4.2023.08-4
pve-esxi-import-tools: 0.7.1
pve-firewall: 5.0.7
pve-firmware: 3.13-1
pve-ha-manager: 4.0.5
pve-i18n: 3.2.2
pve-qemu-kvm: 9.0.2-2
pve-xtermjs: 5.3.0-3
qemu-server: 8.2.4
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.4-pve1
Code:
 
Thank you!

Everything looks ok and the log should print on both node and VM. In this case I would try to restart the pve-firewall service using systmctl, if that didn't help I would check the syslog on the host.
 
Thank you!

Everything looks ok and the log should print on both node and VM. In this case I would try to restart the pve-firewall service using systmctl, if that didn't help I would check the syslog on the host.
I restarted the node but that didn't change anything... and what should I look for in the syslog?
 
Aug 19 14:14:52 pve systemd[1]: Starting pve-firewall.service - Proxmox VE firewall...
░░ Subject: A start job for unit pve-firewall.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit pve-firewall.service has begun execution.
░░
░░ The job identifier is 175.
Aug 19 14:14:53 pve pve-firewall[1804]: starting server
Aug 19 14:14:53 pve systemd[1]: Started pve-firewall.service - Proxmox VE firewall.
░░ Subject: A start job for unit pve-firewall.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit pve-firewall.service has finished successfully.
░░
░░ The job identifier is 175.

journalctl -u pve-firewall -xe
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!