proxmox and multiple interfaces

Proxmox servers are designed to be behind a firewall. Proxmox Mail Gateway uses only one IP address, but two different SMTP ports (port 25 for untrusted connections (incoming), port 26 for trusted (outbound) connections). So there is usually no need for 2 different IP addresses.
 
I realized that proxmox usually sat behind a firewall based on the docs. However, I'm paranoid. The diagram below details what I meant by public and private interfaces:


Internet --- DMZ FW--------proxmox--------INT FW------Internal network
                       ^           ^
                    Public      Private

My current config does not allow me to use just one interface. Knowing that this is non-standard and that ports 25 and 26 would be open on the public interface, do you see a problem if I add a second interface and manually configure the routing? I've had to do this on Unix as well as Windows boxes and have had success with it.
 
We do not support that, sorry.

But if you really have a second firewall (as shown in the figure) it should be possible to make it work anyway; you do not need a second IP address nor a second network card (maybe a hub/switch, but I think you already have one in such a configuration).

Just allow SMTP traffic from Internet to Proxmox (on the DMZ FW), and allow SMTP traffic from proxmox to the Internal network (on the INT FW). I guess that should work?

- Dietmar
 
Yes, we can try to test that. But I need a valid email address to reach you - your server rejects mails to beersj at moravion.edu, so I can't reach you by mail.

Code:
May 24 16:52:26 localhost postfix/smtp[20136]: 94F8231932F: to=<beersj@moravian.edu>, relay=mp2.moravian.edu[204.186.176.176], delay=25191, status=deferred (conversation with mp2.moravian.edu[204.186.176.176] timed out while receiving the initial SMTP greeting)
 
It looks like there is a kernel problem on the firewall. I only receive parts of the SMTP reply from your server.

- Dietmar
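
A triage sketch for the deferred-delivery log line above, added here and not part of the original thread: it parses postfix/smtp delivery lines and counts failures per relay by the stage at which the SMTP exchange broke, which separates a relay that never completes its greeting from ordinary connect failures or remote rejections. The sample lines are constructed (documentation addresses, same layout as the excerpt), and the stage names are this example's own labels.

```python
import re
from collections import Counter

# One postfix/smtp delivery line; optional fields between relay= and status= are skipped.
LINE_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), (?:.*?, )?status=(?P<status>\w+) \((?P<reason>.*)\)\s*$"
)

# Where in the SMTP exchange the attempt failed (labels are this example's own).
STAGES = [
    ("greeting", re.compile(r"while receiving the initial (?:SMTP|server) greeting")),
    ("connect", re.compile(r"^connect to ")),
    ("remote_reply", re.compile(r" said: [45]\d\d")),
]

def parse(line):
    """Return the fields of one postfix/smtp delivery line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["stage"] = next((n for n, rx in STAGES if rx.search(rec["reason"])), "other")
    return rec

def failures_by_relay(lines):
    """Count attempts that were not delivered, keyed by (relay, stage)."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["status"] != "sent":
            counts[(rec["relay"], rec["stage"])] += 1
    return counts

# Constructed sample lines (not taken from any real server).
SAMPLE = [
    "May 24 16:52:26 localhost postfix/smtp[20136]: 94F8231932F: to=<user@example.edu>, relay=mx.example.edu[192.0.2.10], delay=25191, status=deferred (conversation with mx.example.edu[192.0.2.10] timed out while receiving the initial SMTP greeting)",
    "May 24 17:02:41 localhost postfix/smtp[20188]: 94F8231932F: to=<user@example.edu>, relay=mx.example.edu[192.0.2.10], delay=25806, status=deferred (conversation with mx.example.edu[192.0.2.10] timed out while receiving the initial SMTP greeting)",
    "May 24 17:03:02 localhost postfix/smtp[20190]: A1B2C3D4E5F: to=<ops@example.net>, relay=mail.example.net[198.51.100.7], delay=2, status=sent (250 Ok: queued as 12345)",
    "May 24 17:05:10 localhost postfix/smtp[20201]: B2C3D4E5F60: to=<x@example.org>, relay=none, delay=30, status=deferred (connect to mx.example.org[203.0.113.5]: Connection timed out)",
    "May 24 17:05:11 localhost postfix/qmgr[311]: B2C3D4E5F60: from=<a@example.com>, size=900, nrcpt=1 (queue active)",
]

if __name__ == "__main__":
    for (relay, stage), n in failures_by_relay(SAMPLE).most_common():
        print(f"{n:3d}  {stage:12s} {relay}")
```

Repeated `greeting` failures against a single relay, while other destinations deliver normally, point at the network path to that relay rather than at the recipient address.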
 
If you are using Linux, the TCP sliding window setting may need to be set to a lower value. I'm not sure which of my devices (the packetshaper, the router, the firewall, or the mail proxy) is having issues with the TCP sliding window setting, but one of them is. A local university had issues sending us e-mail after upgrading to the latest Fedora Core distribution and they determined it to be the TCP sliding window setting. Let me know if that helps.
 
Do you know where to set this variable in the kernel? It's not a standard setting, at least I can't find it.
 
Ok, here is a quick hack to configure your additional interface card:

  • log in to your Proxmox with ssh
  • create a file named myinterfaces using vi:
    Code:
    vi myinterfaces

    with the following content:

    Code:
    iface eth1 inet static
        address XXX.XXX.XXX.XXX
        netmask XXX.XXX.XXX.XXX
        gateway XXX.XXX.XXX.XXX

    replace XXX with the required network settings
  • then activate the interface with
    Code:
    ifup -i myinterfaces eth1
  • you can deactivate it using
    Code:
    ifdown -i myinterfaces eth1
  • please note that the additional interface is not activated at boot time, and those additional settings are not saved with our backup script. But if this hack works for you, and you really want to use it, I can send you a script to start up those interfaces at boot time.
 
