I'd like to test proxmox on a server with two network interfaces - a public and private interface. Can I log into the console and configure the OS to allow this. I will using the proxmox server for inbound e-mail only.
proxmox and multiple interfaces
- Thread starter mcnetadm
- Start date
Proxmox servers are designed to be behind a firewall. Proxmox Mail Gateway uses only one IP address, but two different SMTP ports (Port 25 for untrusted connections (incoming), port 26 for trusted (outbound) connections. So there is usually no need for 2 different IP addresses.
I realized that proxmox usually sat behind a firewall based on the docs. However, I'm paranoid. The diagram below details what I meant by public and private interfaces:
Internet --- DMZ FW--------proxmox--------INT FW------Internal network
^ ^
Public Private
My current config does not allow me to just one interface. Knowing that this is non-standard and that ports 25 and 26 would be open on the public interface, do you see a problem if I add a second interface and manually configure the routing? I've had to do this on unix as well as windows boxes and have had success with it.
Internet --- DMZ FW--------proxmox--------INT FW------Internal network
^ ^
Public Private
My current config does not allow me to just one interface. Knowing that this is non-standard and that ports 25 and 26 would be open on the public interface, do you see a problem if I add a second interface and manually configure the routing? I've had to do this on unix as well as windows boxes and have had success with it.
We do not support that, sorry.
But if you really have a second firewall (as shown in the figure) it should be possible to make it work anyways, you do not need a second IP address nor a second Network card (maybe a hub/switch, but i think you already have one in such configuration).
Just allow SMTP traffic from Internet to Proxmox (on the DMZ FW), and allow SMTP traffic from proxmox to the Internal network (on the INT FW). I guess that should work?
- Dietmar
But if you really have a second firewall (as shown in the figure) it should be possible to make it work anyways, you do not need a second IP address nor a second Network card (maybe a hub/switch, but i think you already have one in such configuration).
Just allow SMTP traffic from Internet to Proxmox (on the DMZ FW), and allow SMTP traffic from proxmox to the Internal network (on the INT FW). I guess that should work?
- Dietmar
We really have two separate networks between the two firewalls - a routable network and an RFC non-routable network.
It's not supported. Would you be willing to use us as a testbed? It's basically routing and we can handle that.
It's not supported. Would you be willing to use us as a testbed? It's basically routing and we can handle that.
Yes, we can try to test that. But I need a valid email address to reach you - your server reject mails to beersj at moravion.edu, so i cant reach you per mail.
[/code]
Code:
May 24 16:52:26 localhost postfix/smtp[20136]: 94F8231932F: to=<beersj@moravian.edu>, relay=mp2.moravian.edu[204.186.176.176], delay=25191, status=deferred (conversation with mp2.moravian.edu[204.186.176.176] timed out while receiving the initial SMTP greeting)If you can get me the IP address of your sending server I can look in the logs. I don't have any error messages from proxmox.com in the logs at this point.
It looks there is a kernel problem on the Firewall. I only receive parts of the SMTP reply from your server.
- Dietmar
- Dietmar
If you are using linux, the tcp sliding window setting may need to be set to a lower value. I'm not sure which of my devices (the packetshaper, the router, the firewall, or the mail proxy) is having issues with the tcp sliding window setting, but one of them is. A local university had issues sending us e-mail after upgrading to the latest fedora core distribution and they determined it to be the tcp sliding window setting. Let me know if that helps.
Do you know where to set this variable in the kernel - its not a standard setting, at least i cant find it.
Ok, here is a quick hack to configure your additional interface card:
- login to your Proxmox with ssh
- create a file named myinterfaces using vi:
Code:vi myinterfaces
with the following content:
Code:iface eth1 inet static address XXX.XXXX.XXX.XXX netmask XXX.XXX.XXX.XXX gateway XXX.XXX.XXX.XXX
replace XXX with the required network settings
- then activate the interface with
Code:ifup -i myinterfaces eth1 - you can deavtivat it using
Code:ifdown -i myinterfaces eth1 - please note that the additional interface is not activated at boot time, and those additional settings are not saved with our backup script. But if this hack works for you, and you really want to use it, i can send you a script to startup those interface at boot time.
Thank you for the info. I'll try this over the next week or so and then contact you. I need to do a little machine shuffle to free up a dual-nic'd machine. I'll also look for that kernel setting.