Only allow access to the Proxmox node and web application via a single IP.

Zebaschtian

New Member
Mar 13, 2022
Hello,

I have two Proxmox hosts in a cluster and I want to be able to access both nodes with SSH and web application only via a specific IP address.

How is this possible without causing problems with the cluster?


Thank you for your help,
Sebastian
 
Hi,

One way would be to use the LISTEN_IP config from pveproxy (API) and the ListenAddress config from sshd to make the daemons only listen on specific addresses.

See the reference documentation for the Proxmox VE part:
https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_pveproxy_proxmox_ve_api_proxy_daemon

And the man sshd_config manual page for the SSH daemon option documentation.

Note that the PVE nodes still need to be able to talk to each other, especially via API and for some tasks still via SSH, so if they use different, e.g., private addresses, be sure to also accept those in the listening range.

Alternatively, you could set up firewall rules so that there's an outgoing that's only allowed for the known good source IP ranges and the remaining ones get rejected by a lower priority "catch all" rule.
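
A check for the cluster caveat in the reply above, as an added example that is not part of the thread: it reads an sshd_config and the pveproxy defaults file and reports every required IPv4 address that a daemon would no longer listen on. The function names are hypothetical, /etc/default/pveproxy is taken to be the file that holds LISTEN_IP, and only IPv4 addresses in the main config files are handled (no Include files, no IPv6).

```shell
#!/bin/sh
# Added example, not from the thread. Pass every IPv4 address the node must
# stay reachable on, including the one the other cluster node connects to.
# On a live host, `sshd -T` prints the effective sshd settings instead.

# Addresses sshd binds per the given sshd_config; "*" means unrestricted.
sshd_listen() {
    sl_out=$(awk 'tolower($1) == "listenaddress" {
        a = $2
        if (a ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", a)   # drop ":port"
        print a
    }' "$1")
    printf '%s\n' "${sl_out:-*}"
}

# Address pveproxy binds per the given defaults file; "*" if LISTEN_IP is unset.
pveproxy_listen() {
    pl_out=$(sed -n 's/^LISTEN_IP=//p' "$1" 2>/dev/null | tr -d "\"'" | tail -n 1)
    printf '%s\n' "${pl_out:-*}"
}

# covers <bound list, one per line> <addr>: true if addr is bound directly
# or through a wildcard entry.
covers() {
    printf '%s\n' "$1" | grep -qxF -e '*' -e '0.0.0.0' -e "$2"
}

# audit <sshd_config> <pveproxy defaults> <addr>...
# Prints one line per gap and returns 1 if any address is not covered.
audit() {
    au_ssh=$(sshd_listen "$1")
    au_pve=$(pveproxy_listen "$2")
    shift 2
    au_rc=0
    for au_addr in "$@"; do
        covers "$au_ssh" "$au_addr" || { echo "sshd does not listen on $au_addr"; au_rc=1; }
        covers "$au_pve" "$au_addr" || { echo "pveproxy does not listen on $au_addr"; au_rc=1; }
    done
    return $au_rc
}

# When called with addresses as arguments, check the real files.
if [ "$#" -gt 0 ]; then
    audit /etc/ssh/sshd_config /etc/default/pveproxy "$@"
fi
```

Run it on each node before restarting the daemons; any output line names a daemon and an address that would become unreachable.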
 
