LXC to LXC communication, firewall rules do not apply?

Percy

New Member
Feb 4, 2018
6
2
3
35
JUst finished setting up my firewall rules and i have everything working the way i want when testing from clients on the physical networks.

However it would seem that the firewall rules specified on a container does not apply when another container on the same host communicates.

Example:
I have a container running samba with file sharing, this has an IP on the network.
Another container is running Plex Media Server and is set up with another IP. Plex has all media stored on the file share served by the first container.

However, the container running samba has rule set up so that all traffic is dropped unless coming from a specified ip (my testing workstation for now). If that rule does not pass traffic is dropped. Disabling the rule does indeed drop traffic from my workstation.

However it would seem that my plex server has no issues accessing files on the network from the fileshare even though it has another IP.

I suspect this might be by design, but nonetheless - How do i control the "network traffic" between my containers on the same host?
 

Alwin

Proxmox Retired Staff
Retired Staff
Aug 1, 2017
4,617
453
88
Well, it depends at which point you added the rules. If they are not on the firewall on the container, then try to place them there.
 
  • Like
Reactions: Percy

Percy

New Member
Feb 4, 2018
6
2
3
35
Indeed! Applying the firewall rule on the node does work, but you have to restart all the containers (or at least i had to).

Thanks!
 

Alwin

Proxmox Retired Staff
Retired Staff
Aug 1, 2017
4,617
453
88
Indeed! Applying the firewall rule on the node does work, but you have to restart all the containers (or at least i had to).

Thanks!
When a firewall rule is created, we add a separate bridge to apply the rules to and the interfaces of CT/VM have to be reassigned to the new bridge. Best option is to shutdown and start the CT/VM to be sure.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!