Firewall problem?

OmmadawnFR

New Member
Aug 30, 2023
Hello everyone

I have a problem and I'm looking for advice.

I have a server [SRV1] with its public IP [IP_PUB] vmbr0 and an internal IP [10.13.32.30] vmbr1.
I use OpenVPN to create the network 10.13.32.0 on vmbr1.

On this SRV1 server, I've installed Proxmox V8 with containers (Debian 11 or 12).
I've set up a subnet [10.13.32.X] to link each container to SRV1.

I've set up the Proxmox firewall as follows (I don't use ufw):
IN Accept rules for everyone, for ports 80, 443, 85, 111
IN Accept rules for my IP, for ports 22, 8006, 8080
IN Accept rule for network 10.13.32.0/24 for port 22

I have a container that serves as my database server [BDD] [10.13.32.31] with MariaDB.
I have a container hosting a WEB 1 site [WEB_1] [10.13.32.32] with Apache and [10.13.32.30] as gateway.
I have a container hosting a WEB 2 site [WEB_2] [10.13.32.33] with Apache and [10.13.32.30] as gateway.

On SRV1, I installed Traefik and set up sites A (machine1.mon-domaine.fr) and B (machine2.mon-domaine.fr) in HTTPS.
It's up and running. I can see the sites from the outside.

SRV1 pings every container and every container pings SRV1.
SRV1 pings the outside (8.8.8.8 or google.fr).
However, the containers do not ping the outside (8.8.8.8 or google.fr). No response.
To upgrade the containers, I have to change the gateway to that of another server on the 10.13.32.0 network to access the repositories.

On SRV1, for ip route:
default via IP_PUB.254 dev vmbr0 proto kernel onlink
10.13.32.0/20 dev vmbr1 scope link
IP_PUB.0/24 dev vmbr0 proto kernel scope link src IP_PUB
224.0.0.0/4 dev vmbr1 scope link

On WEB_1, for ip route:
default via 10.13.32.30 dev eth0
10.13.32.30 dev eth0 scope link

Does anyone have a clue?
Thanks for your help.
OmmadawnFR
 
