Hi Forum.
I have some questions, since I've reinstalled a couple of times to get this setup right. I have:
- 1 dedicated server, hosted
- Only 1 physical NIC
- 2 public IPs - on vmbr0
I would like to protect my PVE the best way, since it also has a public IP. I've tried to get the best security by only allowing SSH keys and changing the default SSH port, enabling TOTP on GUI login, and creating recovery keys.
My Network settings are like this:
Code:
auto lo
iface lo inet loopback
iface lo inet6 loopback

iface enp41s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 74.229.XX.XX/26
        gateway 74.229.XX.XX
        bridge-ports enp41s0
        bridge-stp off
        bridge-fd 0
        bridge_hw enp41s0
        bridge_waitport 0

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#ADMIN
But when doing an nmap of the IP of the PVE, I'm getting this result:
Code:
# nmap -p "*" 74.229.XX.XX
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-10 10:48 UTC
Nmap scan report for MYDNS (74.229.XX.XX)
Host is up (0.021s latency).
Not shown: 8312 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
3128/tcp open squid-http
Nmap done: 1 IP address (1 host up) scanned in 2.49 seconds
I would like to enable some firewall rules without being blocked myself. Normally I would just install ufw and enable the ports I need (SSH, WEBGUI, Zabbix), but then I'm wondering whether this affects my secondary IP, where normal traffic is running (SMTP/HTTP/HTTPS/SUBMISSION), since it is all bound to the same bridge, on the physical NIC enp41s0.
So I'm not sure how to create some firewall rules to protect my PVE public IP. And will they affect my secondary IP when both IPs are on vmbr0? That's where my knowledge ends.
Or is it better to find a way to move PVE administration to vmbr1 so it'll be internal?
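
One way to approach the question above with Proxmox VE's built-in firewall rather than ufw, as an added example that is not part of the original post. Rules at datacenter and host level filter traffic addressed to the PVE host itself, while guest traffic bridged over vmbr0 is only filtered when the firewall is also enabled on that guest and its network device. Assumptions: the secondary IP belongs to a guest attached to vmbr0, Zabbix means a passive agent on its default port 10050, and the set name `admins`, the 203.0.113.x addresses and SSH port 2222 are constructed placeholders.

```ini
# /etc/pve/firewall/cluster.fw  (datacenter level; these rules protect the PVE host)

[OPTIONS]
enable: 1
# Drop everything inbound to the host that is not explicitly allowed below.
# With this policy, 111/tcp (rpcbind) and 3128/tcp (PVE's spiceproxy, which
# nmap labels "squid-http" by port number) stop answering from the internet.
policy_in: DROP
policy_out: ACCEPT

[ALIASES]
# Single host on a public network: pin local_network to the host's own
# address so the auto-detected /26 is not treated as the trusted local net.
# Replace with the real (masked in the post) host address.
local_network 74.229.XX.XX

# Hypothetical set of addresses allowed to administer the host.
[IPSET admins]
# constructed example address (documentation range)
203.0.113.10

[RULES]
# SSH on the non-default port; 2222 is a placeholder, the post does not state it.
IN ACCEPT -source +admins -p tcp -dport 2222
# PVE web GUI / API
IN ACCEPT -source +admins -p tcp -dport 8006
# Zabbix passive agent, reachable only from the (constructed) Zabbix server address.
IN ACCEPT -source 203.0.113.20 -p tcp -dport 10050
```

Running `pve-firewall compile` prints the ruleset that would be generated without applying it, and `pve-firewall stop` from the provider's console removes the rules again if access is lost. If the secondary IP were instead configured on the host itself, these host-level rules would apply to it as well.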