Hello. I have several web servers running in LXC.
I have set up a group for them in the firewall settings.
out DNS accept
out web accept
in web accept
out drop
in drop
This blocks the LXC from using ssh to connect to other machines on my LAN. They are only able to serve web over http/https and also look up DNS for updating (apt-get) reasons.
So here is my question. It all works as expected. Example:
log into lxc 10.0.1.225
ping google.com
fail
ping another lxc machine 10.0.1.226
fail
looking good so far
ping the proxmox host 10.0.1.100
success!
ssh 10.0.1.100
success!
So why are my rules working for everyone but not working when I try to get at the host?
Thanks so much for your time and help. Great software!