Hello,
I have a strange issue when I enable the Proxmox firewall.
Proxmox version: 4.2-48
NODE-1, NODE-2, NODE-3 are in same cluster.
KVM virtualization.
NODE-1, NODE-2, NODE-3 network config: vmbr0 (eth0 gigabit), no VLANs
When the Proxmox firewall is ON, OpenVPN clients and even the OpenVPN server with IP 10.0.10.3 can't access machines on a different node, except NODE-1, which are in the 192.168.10.0/24 subnet.
Clients can ping all addresses but can't access, for example, 192.168.10.12 or 192.168.10.13 via SSH. They can access only machines on NODE-1, like web-1.
When I try to access machines on NODE-2 from 10.0.10.3 (the OpenVPN server), I watch iptables on NODE-1, especially the first rule in the PVEFW-FORWARD chain, and its counters are rising.
When I delete this rule, which is ( DROP all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID ), I have access and everything works fine.
It looks like those packets are invalid, but I can't understand why.
No other rules are enabled when testing this configuration.
Has anyone had such issues, and is there any workaround to resolve this?