How to disable (firewall) proxmox-backup-proxy to local IP addresses

[hand363]

Hello,

I am looking for a way to block access to the default proxmox-backup-proxy web server. I have nginx running and passing the traffic from port 443 to 8007, I just need something similar to /etc/default/pveproxy to whitelist/blacklist IPs. Can anyone give me guidance on how I could do this.

Thanks for the suggestion in advance, great products!

 

[Chris]

Hi,

Hello,

I am looking for a way to block access to the default proxmox-backup-proxy Web server. I have nginx running and passing the traffic from port 443 to 8007, I just need something similar to /etc/default/pveproxy to whitelist/blacklist IPs. Can anyone give me guidance on how I could do this.

What's your use case for this? Note that it is not recommended to expose the PBS API and WebUI to the public internet. You should use a VPN if you require the PBS instance to be accessible from a remote location.

Also, there is no firewall integration in PBS, so you will have to either use iptables or use a custom solution. If your PBS runs inside a VM on top of PVE you can utilize the PVE guest firewall rules to filter traffic.

 

[hand363]

@Chris, any idea why i would get a fetching datastore error instead of a connection?

 

[Chris]

I'm not familiar with your network topology and where the proxy is running, but your IP tables rule tells to drop all tcp traffic to port 8007, independent whether it comes from the proxy or the external client? Most likely that is your issue.