Firewall logs do not appear in the VM

[jordan_dig]

Hello,

I hope you don't mind me reaching out, but I've set up a security group with rules that log as "info." However, these logs only appear in the node's logs and not in the VMs' logs. If you have any ideas for debugging, I'd greatly appreciate it.

 

[Moayad]

Hi,

Can you please provide us with the Firewall config on the VM?

cat /etc/pve/firewall/<VMID>.fw

 

[jordan_dig]

Hi,

Can you please provide us with the Firewall config on the VM?

cat /etc/pve/firewall/<VMID>.fw

Hello
Thanks for your reply,
This is my config :

[OPTIONS]


policy_in: ACCEPT
log_level_out: info
log_level_in: info
enable: 1


[RULES]


GROUP drop-prod-vm
GROUP drop-dhcp-range

 

[jordan_dig]

and can you delete this threads please https://forum.proxmox.com/threads/f...-node’s-logs-and-not-in-the-vms’-logs.152999/ ?
It's the same problem...

 

[Moayad]

Thank you for the output!

I deleted your thread.


Reading the Firewall logs, I would check security groups (drop-prod-vm, and drop-dhcp-range) if they are correcly configured and set the log to `info` as well.

 

[jordan_dig]

Thank you for the output!

I deleted your thread.


Reading the Firewall logs, I would check security groups (drop-prod-vm, and drop-dhcp-range) if they are correcly configured and set the log to `info` as well.

Hello,
Thanks for your reply,
This is my check security groups config :

 

[jordan_dig]

I tried to put the first rule also on info but it doesn't change anything...

 

[Moayad]

Can you please change the log into debug and see if you can see anything?

 

[jordan_dig]

Can you please change the log into debug and see if you can see anything?

Unfortunately this doesn't change anything... no content is still displayed.

 

[jordan_dig]

The result is the same when creating a rule outside a security group

 

[jordan_dig]

ALL CONFIG

 

[Moayad]

Thank you for the screenshots!

Could you please post the output of `pveversion -v`

 

[jordan_dig]

veversion -v
proxmox-ve: 8.2.0 (running kernel: 6.8.8-4-pve)
pve-manager: 8.2.4 (running version: 8.2.4/faa83925c9641325)
proxmox-kernel-helper: 8.1.0
proxmox-kernel-6.8: 6.8.12-1
proxmox-kernel-6.8.12-1-pve-signed: 6.8.12-1
proxmox-kernel-6.8.8-4-pve-signed: 6.8.8-4
proxmox-kernel-6.5.13-6-pve-signed: 6.5.13-6
proxmox-kernel-6.5: 6.5.13-6
proxmox-kernel-6.5.11-8-pve-signed: 6.5.11-8
ceph-fuse: 18.2.2-pve1
corosync: 3.1.7-pve3
criu: 3.17.1-2
glusterfs-client: 10.3-5
ifupdown2: 3.2.0-1+pmx9
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-4
libknet1: 1.28-pve1
libproxmox-acme-perl: 1.5.1
libproxmox-backup-qemu0: 1.4.1
libproxmox-rs-perl: 0.3.3
libpve-access-control: 8.1.4
libpve-apiclient-perl: 3.3.2
libpve-cluster-api-perl: 8.0.7
libpve-cluster-perl: 8.0.7
libpve-common-perl: 8.2.2
libpve-guest-common-perl: 5.1.4
libpve-http-server-perl: 5.1.0
libpve-network-perl: 0.9.8
libpve-rs-perl: 0.8.9
libpve-storage-perl: 8.2.3
libspice-server1: 0.15.1-1
lvm2: 2.03.16-2
lxc-pve: 6.0.0-1
lxcfs: 6.0.0-pve2
novnc-pve: 1.4.0-3
proxmox-backup-client: 3.2.7-1
proxmox-backup-file-restore: 3.2.7-1
proxmox-firewall: 0.5.0
proxmox-kernel-helper: 8.1.0
proxmox-mail-forward: 0.2.3
proxmox-mini-journalreader: 1.4.0
proxmox-offline-mirror-helper: 0.6.6
proxmox-widget-toolkit: 4.2.3
pve-cluster: 8.0.7
pve-container: 5.1.12
pve-docs: 8.2.3
pve-edk2-firmware: 4.2023.08-4
pve-esxi-import-tools: 0.7.1
pve-firewall: 5.0.7
pve-firmware: 3.13-1
pve-ha-manager: 4.0.5
pve-i18n: 3.2.2
pve-qemu-kvm: 9.0.2-2
pve-xtermjs: 5.3.0-3
qemu-server: 8.2.4
smartmontools: 7.3-pve1
spiceterm: 3.3.0
swtpm: 0.8.0+pve1
vncterm: 1.8.0
zfsutils-linux: 2.2.4-pve1

 

[Moayad]

Thank you!

Everything looks ok and the log should print on both node and VM. In this case I would try to restart the pve-firewall service using systmctl, if that didn't help I would check the syslog on the host.

 

[jordan_dig]

Thank you!

Everything looks ok and the log should print on both node and VM. In this case I would try to restart the pve-firewall service using systmctl, if that didn't help I would check the syslog on the host.

I restarted the node but that didn't change anything... and what should I look for in the syslog?

 

[jordan_dig]

because I don't see anything special

 

[jordan_dig]

Aug 19 14:14:52 pve systemd[1]: Starting pve-firewall.service - Proxmox VE firewall...
░░ Subject: A start job for unit pve-firewall.service has begun execution
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit pve-firewall.service has begun execution.
░░
░░ The job identifier is 175.
Aug 19 14:14:53 pve pve-firewall[1804]: starting server
Aug 19 14:14:53 pve systemd[1]: Started pve-firewall.service - Proxmox VE firewall.
░░ Subject: A start job for unit pve-firewall.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit pve-firewall.service has finished successfully.
░░
░░ The job identifier is 175.

journalctl -u pve-firewall -xe

 

[spronger]

I have the same isseu. No logging on every FW , Dtacenter / Node / Vm.

This solution did the trick for me.

https://forum.proxmox.com/threads/proxmox-firewall-doesnt-seem-to-work-and-errors-in-log.128359/

I had some devices on the vm in Firewall > Alias > With ip addresses and netmask number. Give those devices only a ip address and logging was running on all firewalls again.