firewall Proxmox vs Firewall in the VM

P

pille99

Member
Sep 14, 2022
358
22
18
hello all

as i understand, or from the logically point, the firewall function of level Proxmox (Cluster, Host and VM) it should be the underlaying layer which is the firewall configured
means: if i add a network interface and configure on the network interface port 80, than in the VM is only port 80 available ! - is that assumption correct ?
on the other hand: without predefined rules on hardware level, the whole traffic with all open ports goes to the VMs OS.
is that correct ?
 
on the other hand: without predefined rules on hardware level, the whole traffic with all open ports goes to the VMs OS.
Click to expand...

yes, that mean that you have cpu used for virtualization of network packets before being blocked by your vm os.
If you have a ddos for example, it's a lot better/performant to block before entering the vm.
 
can somebody write me some examples plz
how the rules would look like. the servers are in different sdn, and different IPs. i would love to have the rules from IP to IP (p2p).

the question, which i can not understand from the docu, but my common sense tells me - if i make a rule "on hardware level (proxmox)" than the traffic goes only from point a to point b.
as in the drawing: the opnsense firewall connects all vnets
does the firewalls need to go from fileserver to opnsense and a seperate rule from opn to "fileserver access" servers ? or can i really go from IP_fileserver to ip_AccessFileserver ?

later, i segragete more the network,
SDN -> VNets -> 3 to 5 subnets

thx for your input
 

Attachments

  • firewall_proxmox.JPG
    firewall_proxmox.JPG
    175.4 KB · Views: 11
the proxmox firewall is done at bridge level. (It's like you have a independent firewall in front of each vm interface)

that mean than you can firewall betwen 2 vm on the same subnet too, without any central gateway


vm1 interface------(firewall)--------vmbr0-----(firewall)---->vm2 interface
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back