firewall

C

conrad

Member
Nov 20, 2008
110
0
16
please, can someone help me. :)

I know a hardware firewall is better but i need asap a working shorewall
on a proxmox host.
I have tried some howtos based on openvz but i cannot figure out which
interface to use for the kvm machine in de Interface file of shorewall.

net eth0
dmz venet0
dmz vmbr0 routeback,bridge (is not working)

do i have to use veth105.0 e.g.?

Does someone has a working shorewall config that works securing a kvm guest.
 
Last edited:
I've got a wokring pfSense Firewall (KVM).

Connected to an Intel Gigabit PCI-E Quad-Port NIC on 2 ports.

But can you describe your problem a bit better ?
I don't understand you, sry.
 
I use pfSense as well to protect all our proxmox servers, runs great under KVM and very small footprint.

Highly recommended!
 
Thanks for you post.

Problem is that i want temporarily a working firewall (iptables)
on the host.

I have a iptable script running which is descibed at the openvz site
(http://wiki.openvz.org/Setting_up_an_iptables_firewall) and
the altered version discribed at the Montana Linux site (http://www.montanalinux.org/node/1098)

Both run fine but it appears my openvz containers are well protected and my 2 kvm "containers" are wide open.
Ive tried differend rules but it appears i cannot block traffic
to the kvm containers.

A firewall in a container or kvm is not the best solution according this forum.

I hope this makes my problem more clear?
 
anyone interested in creating a wiki article about pfsense and Proxmox VE? (or any other firewall distro on KVM with Proxmox VE)?
 
That would be nice...

i want to create an different network for my kmv machines and
protect them with pfsense (kvm).

I added:

auto vmbr1
iface vmbr1 inet static
address 192.168.0.10
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

the pfsense has two interfaces:
wan: 10.0.0.13
lan: 192.168.0.13

but no results what so ever, so a wiki page would be nice.
 
I think i managed to install a pfsense in KVM myself, do not know why it
didnt work at first because it is so simple :)

created a vmbr1 with eg 192.168.0.1 (not attached to a phys. interface)

created a vm (kvm) with two nics (vmbr0 and vmbr1)
check the mac addresses because during install of pfsense the order
of the interfaces are mostly switched. eg em1 = wan, em0 = lan

and for other vm's in this network use the ip of pfsense as gateway and dns.

It seems that's it. So after i checked everything i maybe write the wiki page myself :)
 
Hi Conrad...

If you don't mind please post your /etc/network/interfaces setup
it would be nice for us who want's to use pfsense too. :-)

/Michael
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom