How to restrict certain IP only for certain virtual server?

S

stalker

Active Member
May 3, 2015
9
1
43
Hello,
I would like to ask what possibilities exist if I want to restrict certain IP only for certain virtual server. I would like to prevent the users from stealing their IP adresses among themselves. I want every virtual server to be able to use only its IP adress that had been assigned previously. Is it possible to make it somehow not only throught Proxmox Firewall? In my opinion Proxmox Firewall would task CPU of the host server too much. If there is not any other solution than the Firewall, how is it best to do it?

Thank you
 
In a VM the guest has its own network stack, so you can't really force it to only use specific IP addresses without involving the host's firewall.
If you want to add rules specific to VMs you can click the VM, go to the firewall tab, then the options tab at the bottom and enable the firewall there first, since VM-specific firewall rule sets can be enabled individually per VM.
Then in the VM's rules list you can restrict traffic to certain IPs.
See the wiki (Proxmox VE Firewall) for more info on some of the internals.
 
Ok, I have set the rule that will restrict the traffic on the network card if it has different IP address from that which was previously assigned. If the virtual server doesn’t have IP address that was assigned previously, every outgoing traffic will be stopped. But the incoming (e.g. SSH) will be in function. Is it somehow possible to completly stop the traffic in both directions if the virtual server doesn’t have correct IP address?
 
You might be able to create a VM specific firewall rule to block all traffic if its source or destination are not what was allocated originally. However if you are providing access to the VM's only via RDP or SSH and use SNAT (1:1) at your network edge for public IP mapping, they will loose connectivity to the VM if they change it anyway. If the clients are on an internal network as well, the only way I can think of doing this without installing security software is by using the proxmox firewall, but they will still be able to change the address... Only it will be blacked out on the network if they do change it.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back