Hello,
I would like to secure my Proxmox servers with the firewall.
However, I have a few questions:
For my VMs, I use pfSense with a failover IP in front of the other machines. Is it necessary to add a rule to authorize the failover IP?
I don't fully understand how IP failover works.
I know it's bound to a MAC address added on the VM interface. But I don't know how this is "routed" to the VM. I do not see it in the Proxmox routes.
To be clearer, here is an example:
IP_PROXMOX = XX.XX.XX.XX
IP_FAILOVER = YY.YY.YY.YY
MY_HOME_IP = ZZ.ZZ.ZZ.ZZ
I want only MY_HOME_IP to be allowed to connect to IP_PROXMOX.
For IP_FAILOVER, no restriction (pfSense will take care of this).
If I understood correctly, there are different zones for the firewall?
One at the cluster level that applies to all hosts, and one at the host level that only applies to the server?
My cluster is in production, is it possible to "test" the rules or to go back (by restarting the server for example)?
Thank you in advance