Hello and thanks in advance for your help.
I have installed CSF Configserver firewall script to my server
Debian 11
PVE 7.1.10 Proxmox
Code:
proxmox-ve: 7.1-1 (running kernel: 5.13.19-4-pve)
pve-manager: 7.1-10 (running version: 7.1-10/6ddebafe)
pve-kernel-helper: 7.1-12
pve-kernel-5.13: 7.1-7
pve-kernel-5.4: 6.4-11
pve-kernel-5.13.19-4-pve: 5.13.19-9
pve-kernel-5.13.19-3-pve: 5.13.19-7
pve-kernel-5.13.19-2-pve: 5.13.19-4
pve-kernel-5.4.157-1-pve: 5.4.157-1
pve-kernel-5.4.73-1-pve: 5.4.73-1
ceph-fuse: 15.2.15-pve1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: 0.8.36+pve1
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.1
libproxmox-backup-qemu0: 1.2.0-1
libpve-access-control: 7.1-6
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.1-3
libpve-guest-common-perl: 4.1-1
libpve-http-server-perl: 4.1-1
libpve-storage-perl: 7.1-1
libqb0: 1.0.5-1
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.11-1
lxcfs: 4.0.11-pve1
novnc-pve: 1.3.0-2
proxmox-backup-client: 2.1.5-1
proxmox-backup-file-restore: 2.1.5-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.4-6
pve-cluster: 7.1-3
pve-container: 4.1-4
pve-docs: 7.1-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.3-5
pve-ha-manager: 3.3-3
pve-i18n: 2.6-2
pve-qemu-kvm: 6.1.1-2
pve-xtermjs: 4.16.0-1
qemu-server: 7.1-4
smartmontools: 7.2-pve2
spiceterm: 3.2-2
swtpm: 0.7.0~rc1+2
vncterm: 1.7-1
zfsutils-linux: 2.1.2-pve1
- I have a question on incoming/Outgoing TCP and UDP ports
I need to know what ports from Proxmox go in those ports for TCP_in TCP_out UDP_in UDP_out
and where do I need to add them for Proxmox to work correctly?
So I do not get locked out of webgui 8006 and Proxmox and all my VM's will work.
- I only use noVNC while in PVE Manager in webgui so not sure if there is anything I need to add for that?
if anyone can help me as I am new to Proxmox and a newbie in general.
I don't really understand the difference between in and out.
so not sure where to add port 8006 and any other ports that need to be configured for Proxmox to work correctly
- I have 3 vm's running 2 test and 1 production.
I found a link on the "Proxmox Firewall wiki" that says something about certain ports, but I am lost as a newbie,
"if someone can show me once and I learn fast "
Here are the ports I found on the wiki:
Code:
Datacenter incoming/outgoing DROP/REJECT
If the input or output policy for the firewall is set to DROP or REJECT, the following traffic is still allowed for all Proxmox VE hosts in the cluster:
traffic over the loopback interface
already established connections
traffic using the IGMP protocol
TCP traffic from management hosts to port 8006 in order to allow access to the web interface
TCP traffic from management hosts to the port range 5900 to 5999 allowing traffic for the VNC web console
TCP traffic from management hosts to port 3128 for connections to the SPICE proxy
TCP traffic from management hosts to port 22 to allow ssh access
UDP traffic in the cluster network to port 5404 and 5405 for corosync
UDP multicast traffic in the cluster network
ICMP traffic type 3 (Destination Unreachable), 4 (congestion control) or 11 (Time Exceeded)
The following traffic is dropped, but not logged even with logging enabled:
TCP connections with invalid connection state
Broadcast, multicast and anycast traffic not related to corosync, i.e., not coming through port 5404 or 5405
TCP traffic to port 43
UDP traffic to ports 135 and 445
UDP traffic to the port range 137 to 139
UDP traffic from source port 137 to port range 1024 to 65535
UDP traffic to port 1900
TCP traffic to port 135, 139 and 445
UDP traffic originating from source port 53
--------------------------------------------------------------------------------------------------------------------------
And here is my script's "CSF Configserver Firewall" information below,
need to know where to add the ports and what Proxmox ports to add below.
These are the default ports after a fresh install. I have this off for now just in case I got locked out.
so before I turn it on, I need to add certain Proxmox ports
- but not sure which ones I need to add and where they go?
- also not sure if all the other ports below need to be there?
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
Add your required outgoing TCP ports in the following line:
# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
Add your required incoming UDP open ports in the following line:
# Allow incoming UDP ports
UDP_IN = "20,21,53,80,443"
Add your required outgoing UDP ports in the following line:
# Allow outgoing UDP ports
UDP_OUT = "20,21,53,113,123"
Save and close the file then reload the CSF firewall to apply the changes:
csf -r
Thank you so much again for your time!
Kind Regards
Spiro
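
A pre-flight check for the lockout concern raised in the post, as an added example that is not part of the original post and not CSF or Proxmox code: it parses the four posted settings and reports which of the ports in the quoted Proxmox text are not yet covered. Mapping those ports onto `TCP_IN`/`UDP_IN` and the names `REQUIRED`, `POSTED_CONF`, `parse_ports`, `covered` and `missing` are assumptions of this example; `low:high` is CSF's range notation.

```python
import re

# Ports the quoted Proxmox text allows to the host. Mapping them onto CSF's
# TCP_IN / UDP_IN settings is this example's assumption, not Proxmox guidance.
REQUIRED = {
    "TCP_IN": {"web interface": (8006, 8006), "VNC web console": (5900, 5999),
               "SPICE proxy": (3128, 3128), "ssh": (22, 22)},
    "UDP_IN": {"corosync": (5404, 5405)},  # only relevant on a cluster
}
SETTING = re.compile(r'^\s*(TCP_IN|TCP_OUT|UDP_IN|UDP_OUT)\s*=\s*"([^"]*)"')

# The four settings with the values given in the post.
POSTED_CONF = '''
TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443,587,993,995"
UDP_IN = "20,21,53,80,443"
UDP_OUT = "20,21,53,113,123"
'''

def parse_ports(text):
    """Return {setting: [(low, high), ...]} from csf.conf-style text."""
    found = {}
    for line in text.splitlines():
        m = SETTING.match(line)
        if not m:
            continue  # comments, prose and unrelated settings are ignored
        ranges = []
        for item in filter(None, (p.strip() for p in m.group(2).split(","))):
            low, _, high = item.partition(":")  # "5900:5999" or a single port
            ranges.append((int(low), int(high or low)))
        found[m.group(1)] = ranges
    return found

def covered(span, ranges):
    """True if every port in span falls inside the allowed ranges."""
    low, high = span
    nxt = low  # lowest port of the span not yet shown to be allowed
    for r_low, r_high in sorted(ranges):
        if r_low <= nxt <= r_high:
            nxt = r_high + 1
    return nxt > high

def missing(conf_text):
    """List (setting, service, span) for each required span not fully open."""
    allowed = parse_ports(conf_text)
    return [(setting, name, span)
            for setting, services in REQUIRED.items()
            for name, span in services.items()
            if not covered(span, allowed.get(setting, []))]

if __name__ == "__main__":
    for setting, name, (low, high) in missing(POSTED_CONF):
        print(f"{setting}: add {low if low == high else f'{low}:{high}'} for {name}")
```

`TCP_IN` opens a port to every source address, while the quoted text allows these ports only from management hosts, so a clean result says nothing about how widely a port is exposed.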