Hello,
I have a dedicated server with Proxmox 8.1 installed on it. The host has a bridge named vmbr0 connected to the physical interface.
The host has a public IP on this vmbr0, let's say 12.34.56.78.
I have created a VM for my internet-facing services and connected its NIC to vmbr0 so I could assign another public IP to it and avoid NATing traffic.
This VM has the public IP 12.34.156.78.
Everything seemed to work like a charm: the VM has connectivity to the internet, I can manage my own iptables rules in it and avoid NAT by directly exposing it to the internet.
Now comes the weird part:
I noticed a lot of incoming traffic that seemed to originate from the host towards the VM, especially SMTP attempts, zone transfer requests... But nothing is configured on Proxmox to use the SMTP server on my VM nor host DNS zones.
Then I noticed incoming external emails being rejected for SPF fail, and noticed that the SPF was failing because the server was checking the host IP instead of the actual sender's IP, making it fail, obviously...
In the incoming traffic there are probably SSH attempts as well, being banned by fail2ban. Problem: with the source IP being "translated" to the one of the host, that's the one being banned, and I get locked out of the server because my connections seem to originate from the host as well.
Is there a mechanism, maybe in the Proxmox firewall, which can cause this kind of behavior? If I disable the firewall in the VM settings, nothing changes...
Any help is welcome