How to Resolve Vulnerabilities in IPv6 Cluster without Vrack on OVH?

[MARCELO PINHEIRO MACHADO]

Good afternoon! I am facing a challenge with a cluster hosted on OVH consisting of 5 servers, each with a public IP. The cluster is working fine with IPv6, but I have identified some vulnerabilities, such as public communication between servers, the absence of a private network, and direct access to servers via public IPs (IPv4 and IPv6). The client's contract does not cover the Vrack option, and adding a VM with pfSense or OPNsense seems to interfere with the cluster. I need to restrict access to the servers via public IP without compromising the cluster's functionality. The client is not considering migrating to a Vrack-inclusive contract. Any suggestions, or has anyone successfully dealt with a similar scenario? Appreciate any guidance!

 

[weconnect]

Hello

try restrict access via Firewall rules.

setup a private ip address that the cluser uses for communications.

if the clients dont want to upgrade than tell the client that as it wont want to upgrade you cant secure it and that its not on you guys if/when it gets hacked. this is not a proxmox issue if the client dont want to do it. have then sign a contract or if a email notifying them about it is good enouth than all is well until they get hacked.

 

[MARCELO PINHEIRO MACHADO]

Complicated, I am tied up, unable to use the vrack. I will try to limit it through the firewall. Thank you very much!