firewall

conrad · Aug 19, 2009

please, can someone help me.

I know a hardware firewall is better but i need asap a working shorewall
on a proxmox host.
I have tried some howtos based on openvz but i cannot figure out which
interface to use for the kvm machine in de Interface file of shorewall.

net eth0
dmz venet0
dmz vmbr0 routeback,bridge (is not working)

do i have to use veth105.0 e.g.?

Does someone has a working shorewall config that works securing a kvm guest.

/dev/null · Aug 20, 2009

I've got a wokring pfSense Firewall (KVM).

Connected to an Intel Gigabit PCI-E Quad-Port NIC on 2 ports.

But can you describe your problem a bit better ?
I don't understand you, sry.

resignation · Aug 20, 2009

I use pfSense as well to protect all our proxmox servers, runs great under KVM and very small footprint.

Highly recommended!

conrad · Aug 20, 2009

Thanks for you post.

Problem is that i want temporarily a working firewall (iptables)
on the host.

I have a iptable script running which is descibed at the openvz site
(http://wiki.openvz.org/Setting_up_an_iptables_firewall) and
the altered version discribed at the Montana Linux site (http://www.montanalinux.org/node/1098)

Both run fine but it appears my openvz containers are well protected and my 2 kvm "containers" are wide open.
Ive tried differend rules but it appears i cannot block traffic
to the kvm containers.

A firewall in a container or kvm is not the best solution according this forum.

I hope this makes my problem more clear?

tom · Aug 20, 2009

anyone interested in creating a wiki article about pfsense and Proxmox VE? (or any other firewall distro on KVM with Proxmox VE)?

conrad · Aug 21, 2009

That would be nice...

i want to create an different network for my kmv machines and
protect them with pfsense (kvm).

I added:

auto vmbr1
iface vmbr1 inet static
address 192.168.0.10
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0

the pfsense has two interfaces:
wan: 10.0.0.13
lan: 192.168.0.13

but no results what so ever, so a wiki page would be nice.

conrad · Aug 21, 2009

I think i managed to install a pfsense in KVM myself, do not know why it
didnt work at first because it is so simple

created a vmbr1 with eg 192.168.0.1 (not attached to a phys. interface)

created a vm (kvm) with two nics (vmbr0 and vmbr1)
check the mac addresses because during install of pfsense the order
of the interfaces are mostly switched. eg em1 = wan, em0 = lan

and for other vm's in this network use the ip of pfsense as gateway and dns.

It seems that's it. So after i checked everything i maybe write the wiki page myself

michaelvv · Sep 2, 2009

Hi Conrad...

If you don't mind please post your /etc/network/interfaces setup
it would be nice for us who want's to use pfsense too.

/Michael

numski · Sep 29, 2009

All,
Check out this, its a sample shorewall firewall setup and may give some good hints for others out there wanting to implement a firewall under other packages.

http://www.myatus.co.uk/2009/08/31/guide-firewall-and-router-with-proxmox

-mark

Search

Search

firewall

conrad

Member

/dev/null

Member

resignation

Member

conrad

Member

tom

Proxmox Staff Member

conrad

Member

conrad

Member

michaelvv

Renowned Member

numski

Member

We value your privacy