ProxMox firewall: strange behavior

aplsms

Nov 15, 2024
Hello, I have 2 VMs running on a single Proxmox server.

On all VMs I have:

Code:
$ nmap -Pn -p 22 10.10.21.117
Starting Nmap 7.95 ( https://nmap.org ) at 2024-11-16 22:01 PST
Nmap scan report for 10.10.21.117
Host is up (0.000086s latency).

PORT   STATE    SERVICE
22/tcp filtered ssh

Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

Code:
$ telnet  10.10.21.117 22
Trying 10.10.21.117...
telnet: connect to address 10.10.21.117: No route to host
telnet: Unable to connect to remote host

but:

Code:
$ ssh 10.10.21.117
Activate the web console with: systemctl enable --now cockpit.socket

Last login: Sun Nov 17 05:58:36 2024 from 10.10.20.20
[apl@rl8ltfs ~]$

I've disabled the firewall for the VM interface, there are no firewalls inside the VMs, and I stopped pve-firewall on ProxMox:
Code:
root@proxmox:~# pve-firewall status
Status: disabled/stopped

So, I can't telnet to port 22, but I can ssh to this host.
 
Firstly, Telnet (default) runs on port 23.
From your nmap search we see that SSH is running on port 22 - this is also the default port for SSH.
We can also see from that nmap search that Telnet does not have an open port/service available.
Do you even have the Telnet service installed within your VM?

Please note that SSH is far more secure than the non-encrypted Telnet service.
 
Firstly, Telnet (default) runs on port 23.
From your nmap search we see that SSH is running on port 22 - this is also the default port for SSH.
We can also see from that nmap search that Telnet does not have an open port/service available.
Do you even have the Telnet service installed within your VM?

Please note that SSH is far more secure than the non-encrypted Telnet service.
This post makes no sense, please read the OP's post again. He is not trying to connect to the telnet port.

so, I can't telnet to port 22 but I can ssh to this host.
That is strange indeed. Can you please describe the guest OSes in more detail? Have you looked at the tcpdump output from the non-working ssh server side? Are there any firewalls configured on the ssh server side? What about cat < /dev/tcp/10.10.21.117/22 from the client side? Does this work?
 
This post makes no sense, please read the OP's post again. He is not trying to connect to the telnet port.


That is strange indeed. Can you please describe the guest OSes in more detail? Have you looked at the tcpdump output from the non-working ssh server side? Are there any firewalls configured on the ssh server side? What about cat < /dev/tcp/10.10.21.117/22 from the client side? Does this work?
Thank you, Guys. ProxMox is innocent in this case. My laptop is guilty. https://www.reddit.com/r/MacOS/comments/ujqn9f/macos_non_root_user_not_able_to_initiate_tcp/
I can’t even imagine that can happen. Tcpdump/wireshark prove that.
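
The three results in this thread (nmap `filtered`, telnet `No route to host`, ssh succeeding) are easier to compare when each connect attempt is reduced to its errno. The script below is an added example, not code from any poster; the tag names and explanatory strings are its own, and it does the same job as the `cat < /dev/tcp/...` test suggested above.

```python
import errno
import socket

# errno -> (tag, meaning). The wording is this example's, not nmap or Proxmox output.
MEANING = {
    errno.ECONNREFUSED: ("refused", "target replied with RST: reachable, nothing listening"),
    errno.EHOSTUNREACH: ("no-route", "ICMP unreachable/prohibited received, "
                                     "or the client's own stack could not send"),
    errno.ENETUNREACH: ("no-route", "client has no route to that network"),
    errno.EACCES: ("local-deny", "client OS refused the operation for this process"),
    errno.EPERM: ("local-deny", "client OS refused the operation for this process"),
}


def classify(exc):
    """Map an exception raised by connect() to a (tag, meaning) pair."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return ("timeout", "no reply at all: packets dropped somewhere on the path")
    return MEANING.get(getattr(exc, "errno", None), ("other", str(exc)))


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect; on success also try to read the server banner."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(128).decode("ascii", "replace").strip() or None
            except socket.timeout:
                banner = None  # connected, but the service waits for the client
            return ("open", banner)
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    import sys
    # usage: python3 probe.py 10.10.21.117 22
    host, port = sys.argv[1], int(sys.argv[2])
    print(host, port, *probe(host, port))
```

Running it from the client account that ran telnet and again from a second machine shows whether the `no-route` result follows the client or the server; a tcpdump on the server that shows no SYN arriving confirms the attempt never left the client.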
 