ProxMox firewall: strange behavior

aplsms

Nov 15, 2024
Hello, I have 2 VMs running on a single Proxmox server.

On all VMs I have:

Code:
$ nmap -Pn -p 22 10.10.21.117
Starting Nmap 7.95 ( https://nmap.org ) at 2024-11-16 22:01 PST
Nmap scan report for 10.10.21.117
Host is up (0.000086s latency).

PORT   STATE    SERVICE
22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

Code:
$ telnet  10.10.21.117 22
Trying 10.10.21.117...
telnet: connect to address 10.10.21.117: No route to host
telnet: Unable to connect to remote host

But:

Code:
$ ssh 10.10.21.117
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Sun Nov 17 05:58:36 2024 from 10.10.20.20
[apl@rl8ltfs ~]$

I've disabled the firewall for the VM interface, there are no firewalls inside the VMs, and I stopped pve-firewall on ProxMox:
Code:
root@proxmox:~# pve-firewall status
Status: disabled/stopped

So, I can't telnet to port 22, but I can ssh to this host.
 
Firstly, Telnet (default) runs on port 23.
From your nmap search we see that SSH is running on port 22 - this is also the default port for SSH.
We can also see from that nmap search that Telnet does not have an open port/service available.
Do you even have the Telnet service installed within your VM?

Please note that SSH is far more secure than the non-encrypted Telnet service.
 
This post makes no sense, please read the OP's post again. He is not trying to connect to the telnet port.

so, I can't telnet to port 22 but I can ssh to this host.
That is strange indeed. Can you please describe the guest OSes in more detail? Have you looked at the tcpdump output from the not working ssh server side? Are there any firewalls configured on the ssh server side? What about cat < /dev/tcp/10.10.21.117/22 from the client side? Does this work?
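
The client-side `/dev/tcp` check suggested in the reply above, extended into a small classifier that separates "refused", "no route to host" and "timed out" outcomes. This is an added example, not part of the thread; the function names `classify_connect_error` and `probe_tcp` are made up for this illustration, and it assumes bash and GNU `timeout` on the client.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): classify a client-side TCP connect result.
# Function names are hypothetical, chosen for this illustration.

# Turn the error text of a failed connect() into a label plus a likely cause.
classify_connect_error() {
    case "$1" in
        *"Connection refused"*)
            echo "closed: target answered with a TCP RST, no listener on that port" ;;
        *"No route to host"*)
            echo "unreachable: ICMP destination-unreachable received or neighbour (ARP) resolution failed; a REJECT rule on the path is one source, and nmap reports it as filtered" ;;
        *"Network is unreachable"*)
            echo "no-route: the client has no route to that network" ;;
        *"timed out"*)
            echo "timeout: no reply at all, typical of a DROP rule or a dead path" ;;
        *)
            echo "unknown: $1" ;;
    esac
}

# Attempt one TCP handshake through bash's /dev/tcp and classify the outcome.
probe_tcp() {
    local host="$1" port="$2" secs="${3:-5}" err rc=0
    # LC_ALL=C keeps the error text in English so the patterns above match.
    err=$(LC_ALL=C timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$0/$1"' \
          "$host" "$port" 2>&1) || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "open: TCP handshake completed"
    elif [ "$rc" -eq 124 ]; then          # exit status of timeout(1) on expiry
        classify_connect_error "timed out"
    else
        classify_connect_error "$err"
    fi
}

# Usage: ./probe.sh 10.10.21.117 22
if [ "$#" -ge 2 ]; then
    probe_tcp "$@"
fi
```

Running it from each client that behaves differently, alongside tcpdump on the server, shows whether the rejection is generated by the target itself or by something on the path.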
 
