only allow VM to connect to CT

Afox

Dec 18, 2014
Hello guys,

I want to set up a Samba CT that should only be accessible by one specific VM on the same node. Since there are advanced networking possibilities on Proxmox VE (and this is the first time I try to do so) I want to ask how I should configure the CT to make it safe from every attack that is coming from "outside".

Thanks in advance!

Regards,

Afox
 
Personally I would create a vmbr that is only used between the ct and that VM. Not attached to an ETH device.
 
The VM has to be accessible through the internet. Is that a problem in your scenario?
 
After I wrote my answer I found this article about the Proxmox Network Model that made your statement clear for me: https://pve.proxmox.com/wiki/Network_Model

As far as I understand, the CT would be controlled (SSH) by the VM if there is no more vmbr to outside, correct?

Many thanks for your patience.

Regards,

Afox
 
Hello again. I am stuck. Could you please give me some instructions on how to set up this virtual network? I have a lot of thoughts about this but maybe you (or anyone else who has already successfully established something like this) can make it a little more clear? Thanks in advance!
 
Hello guys, sorry for pushing but I am still searching for a solution to directly connect VM and CT. I am grateful for any hint. Regards, Afox
 
I'm not really sure I understand where you are stuck.

Make a KVM, give it 2 NICs. One NIC on a vmbr that has access to the outside network.

After you get this VM set up, add another NIC to it on a vmbr that is not bridged to a physical NIC, and give it a static IP in the VM.

Set up your vz with a NIC on the same vmbr that is not connected to a physical NIC. Give it an IP address in the same subnet as the other server's secondary IP.

That's it. You have a private network between the 2 and the vz doesn't have internet access.
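The layout described in the post above, as an added example that is not part of the original thread: a constructed `/etc/network/interfaces` with an uplinked `vmbr0` and an internal-only `vmbr1`, plus a small check that reports which bridges have a physical port. The interface names, the host addresses and the `parse_bridges`/`audit` helpers are assumptions for illustration; the VM's second NIC and the CT would each get a static address in one private subnet (for instance 10.10.10.1/24 and 10.10.10.2/24, constructed values) with the gateway left empty.

```python
import re

# Constructed sample of a Proxmox host's /etc/network/interfaces (placeholder addresses).
SAMPLE = """\
auto vmbr0
iface vmbr0 inet static
    address 192.0.2.10
    netmask 255.255.255.0
    gateway 192.0.2.1
    bridge_ports eth0

# Internal-only bridge: no physical port, no host address, no gateway.
auto vmbr1
iface vmbr1 inet manual
    bridge_ports none
    bridge_stp off
    bridge_fd 0
"""

def parse_bridges(text):
    """Return {iface: {option: value}} for every stanza that declares bridge ports."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"iface\s+(\S+)\s+inet6?\s+(\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), {"method": m.group(2)})
        elif line.split()[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            current[parts[0].replace("-", "_")] = parts[1] if len(parts) > 1 else ""
    return {n: o for n, o in stanzas.items() if "bridge_ports" in o}

def audit(text):
    """Map each bridge to 'isolated', 'isolated-but-has-gateway' or 'uplinked:<ports>'."""
    result = {}
    for name, opts in parse_bridges(text).items():
        ports = [p for p in opts["bridge_ports"].split() if p != "none"]
        if ports:
            result[name] = "uplinked:" + ",".join(ports)
        else:
            result[name] = "isolated-but-has-gateway" if "gateway" in opts else "isolated"
    return result

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The Samba CT should have its only NIC on the bridge reported as `isolated`; a bridge reported as `uplinked` reaches the physical network.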
 
Tbh I don't know how to set up the internal vmbr. What IP should I fill in? Something between 10.0.0.0 and 10.255.255.255, as this is one of the private address ranges? What do I fill in for subnet mask and gateway? I think I just need an example for this and then I will understand.
 
OK, thank you. I set up a new vmbr and restarted. Then I added the NIC to the VM. Next I add a veth NIC to the CT, choosing the newly created vmbr?
 
Thank you again. This brought me much more in the right direction. Tomorrow I will try to set up the new NICs :) Best regards, Afox
 
