No more nat/masquerading after firewall usage

davidweil

Jan 15, 2020
Hello!

I'm using proxmox 6.1-5 in a debian 10 (buster). Current kernel:
Linux power 5.3.13-1-pve #1 SMP PVE 5.3.13-1 (Thu, 05 Dec 2019 07:18:14 +0100) x86_64 GNU/Linux
It has just been set up, and I intend to run mostly containers. We have only one IPv4 address (IPv6 is also configured).

Our intention is to run containers with a NATed network. For that we followed: https://pve.proxmox.com/wiki/Network_Configuration
section: Masquerading (NAT) with iptables.

When I boot up the server, firewall is disabled.
I run a container and I'm able to ping 8.8.8.8 (and also to access udp-tcp ports on the internet).

Then if I turn node firewall on and then off (via web interface) I can no longer access internet from inside the containers.

I've checked, and the list of rules present in each iptables table is the same as before my interaction with the firewall.

How is that possible? Any idea?

Ideally I'd like to have the firewall set up to only allow access to the SSH port, but still let masquerading and forwarding do their job to provide NAT for the containers.

Any idea is welcome,
Thanks!

PS: if required I can post my exact network configuration, but it is a clone of the one in the section mentioned above, with our IPv4 address.
Hi,

NAT and firewall are not compatible.
The problem is that the firewall creates its own bridge where the nat does not apply.
I would recommend a router VM/CT.
 
NAT and firewall are not compatible.
The problem is that the firewall creates its own bridge where the nat does not apply.
I would recommend a router VM/CT.

Wolfgang, thank you very much for your answer!

Indeed what I needed was to make firewall and masquerading work together although my question was why it kept failing after I turned firewall off.

I'm not good with these configurations and I'm worse when having to configure this in a remote server. Is the section "routed configuration" in the mentioned link the base for the router VM/CT ? Or is there some sample network configuration for that scheme ?

Thanks,
david
 
What is the opposite of this? So I can add a `post-down` event?

Code:
post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
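As an added example (not code from the thread or from Proxmox): a small Python check that derives, for every `post-up iptables` rule in an interfaces stanza, the `post-down` line that removes it (the `-D` counterpart asked about above) and reports the ones that are missing. The bridge, subnet and uplink names in the sample stanza are constructed.

```python
import shlex

# Constructed sample stanza (assumed bridge, subnet and uplink names), laid out
# like the wiki's "Masquerading (NAT) with iptables" example; the last post-up
# deliberately has no post-down so the check has something to report.
SAMPLE_STANZA = """
auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up   echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o eno1 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s 10.10.10.0/24 -o eno1 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
"""

def post_down_for(post_up_line):
    """Return the post-down line that undoes a 'post-up iptables ...' rule:
    -A/-I (append/insert) become -D (delete), and an optional insert position
    after the chain name is dropped because -D takes no rule number.
    Returns None for post-up lines that are not iptables rules."""
    tokens = shlex.split(post_up_line)
    if len(tokens) < 2 or tokens[0] != "post-up" or tokens[1] != "iptables":
        return None
    out = ["post-down"]
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-A", "-I") and i + 1 < len(tokens):
            out += ["-D", tokens[i + 1]]
            i += 2
            if tok == "-I" and i < len(tokens) and tokens[i].isdigit():
                i += 1  # skip the insert position
            continue
        out.append(tok)
        i += 1
    return shlex.join(out)

def missing_post_downs(stanza):
    """List the post-down lines the stanza should contain but does not."""
    lines = [ln.strip() for ln in stanza.splitlines() if ln.strip()]
    present = {shlex.join(shlex.split(ln)) for ln in lines if ln.startswith("post-down")}
    return [pd for pd in (post_down_for(ln) for ln in lines) if pd and pd not in present]

if __name__ == "__main__":
    for line in missing_post_downs(SAMPLE_STANZA):
        print("missing:", line)
```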