How to handle ports/firewall with Debian Buster lxc?

PeterZ

Active Member
Jul 18, 2019
38
1
28
54
Hi guys

I have created a container based on a Debian Buster template to use as a VPN server.
The problem I have is that only port 22 is available towards that machine and I'm puzzled on how to solve this (fairly new to Proxmox/containers and Linux is not my strongest point)
My Proxmox installation had been redone recently, did not change anything related to firewalling.

I tried to open a port on the console of the lxc with:
Code:
iptables -A INPUT -p udp --dport <port number> --jump ACCEPT
iptables-save
If I check with "netstat -tulpen" that specified port is not listed.

Can someone please help me out on this?

TIA
 
iptables -A INPUT -p udp --dport <port number> --jump ACCEPT
iptables-save

If you haven't changed anything else inside the container, these rules are unnecessary, as the default policy for the filter->INPUT in Debian is already ACCEPT. Also, just FYI, iptables-save doesn't "save" the config anywhere, it just prints it so you can save it to a file manually, rules are automatically activated.

If I check with "netstat -tulpen" that specified port is not listed.

Yes, that's normal. 'netstat' doesn't show "open" ports, it shows ports where programs are actually listening. All ports are "open" by default, just no application is awaiting any communication. Is the VPN server you mentioned already running?


A quick way to demonstrate and test your connectivity is via python:

Run python3 -m http.server 4444 on your container, then access 'http://<container-ip>:4444' in a web browser. If you see a directory listing, port 4444/tcp (replace with whatever if you like) is open. Then, 'netstat' will also show port 4444 being "in use" on the container.
 
  • Like
Reactions: PeterZ
Hi Stefan, thanks for stepping in.

I have used other (bare bone) virtualisation platforms before but containers are new for me so it's not really clear how the interaction between the container and it's environment exactly works.
Therefor I was a puzzled whether this was a firewall issue, even-though the firewall settings seemed to be OK in the web interface.

Thanks a LOT!
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!