Firewall ports to allow when Proxmox and PBS on different networks?

jdancer

Member
May 26, 2019
29
5
8
52
I have the following network setup:

192.168.1.0/24 VLAN 10
pve1.host.local 192.168.1.11/24
pve2.host.local 192.168.1.12/24
pve3.host.local 192.168.1.13/24

192.168.2.0/24 VLAN 20
pbs.guest.local 192.168.2.254/24

Each VLAN is protected by a firewall.

Per https://forum.proxmox.com/threads/which-network-ports-are-required.72744, PBS listens on TCP port 8007.

What TCP port do I need to allow in the firewall for the PVE hosts on 192.168.1.0/24 to reach the PBS on 192.168.2.0/24? Is it TCP port 8007?

Per https://old.reddit.com/r/Proxmox/comments/s69u01/proxmox_backup_server_task_error_failed_to, the OP says that PBS uses a "pull" method to initiate backups.

What TCP port do I need to allow in the firewall for the PBS on 192.168.2.0/24 to reach the PVE hosts on 192.168.1.0/24 ? Is it TCP port 443?

In summary, do I need 2 firewall rules or 1 firewall rule. If 1 firewall rule, what TCP port do I use and and on what network?

Thanks for the help!
 

dcsapak

Proxmox Staff Member
Staff member
Feb 1, 2016
7,600
907
163
33
Vienna
no, backups are push based (the client needs to reach the pbs on port 8007 (tcp) it uses http/http2)
the sync feature (pbs -> pbs) is pull based, there the target needs to reach the source again on port 8007 (tcp)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!