Problems with Proxmox + Port Knock

Tacioandrade

Renowned Member
Sep 14, 2012
120
17
83
Vitória da Conquista, Brazil
Hello everyone, I'm trying to configure Proxmo with Port Knock so that I can access Proxmox together with Port Knock so that I can protect some Proxmox that I have on dedicated players, without running the risk of being left stranded, if necessary (currently I only release my fixed IPs, but sometimes I'm on the street and can't access via 4G, for example).

I went to install knockd in my lab, configured the Firewall in the Datacenter and on the Host, dropped port 22 via the Firewall on the Host and ran the command with the Port Knock client. The log file says that the rule for the SSH port was created, but when I run iptables -L | grep 10.100.0.11, it doesn't list any rules for my IP.

Just to be on the safe side, I went to the shell and ran:
iptables -A INPUT -s 10.100.0.11 -p tcp --dport 22 -j ACCEPT

This way the rule is added, but the port is still blocked for my host.

Has anyone used this combination to give me a tip?
 
Bringing some updates! In this case, when I run the command below in CMD, it works perfectly:

/sbin/iptables -A PVEFW-INPUT -s 10.100.0.11 -p tcp --dport 22 -j ACCEPT

The problem I'm having is that it seems like knockd recognizes the entries, says it sent the command to CMD, but the commands are either not executed or are executed with an error and do not appear in iptables -L and are not applied.

I believe the problem is really with knockd. If anyone knows of another port-knock server to recommend, I would be very grateful!

And if I manage to get it working, I'll report back to the Forum.
 
I would suggest using wireguard or openvpn from your phone, it works like a charm.
 
I would suggest using wireguard or openvpn from your phone, it works like a charm.
Yes, another option would be to set up a VPN, but I thought about the possibility of Port Knock, because the idea would be to ultimately offer partners whose VMs I host on Proxmox a management interface for their machines, just like Contabo does, but without implementing any proprietary software (since all the open-source ones I saw have been discontinued), to access their VMs.

Today I only have 4 partners to whom I provide VPS, so implementing a paid solution for this would be unfeasible due to the costs, and making them connect to a VPN to access Proxmox would also be prohibitive, since some of them are not IT professionals.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!