PROXMOX VE FIREWALL

I do not see any security problem in your post. So if you post here, you should leave the post visible, so that others can benefit from your experience and the solution.
 
The problem was completely dependent on IP configuration, and we have had numerous attacks on our server as of recent weeks. Basically, to put it simply, we were having issues getting VMs to connect once the firewall was enabled on the VNIC. This is because our VMs are on a separate IP block to the main server, and the host is running all the traffic through a VPN. Once we added the rules at datacenter level to only allow in administration IP addresses and ALLOW OUT the IP range for VMs, we now have a secure server which cannot even be pinged or port scanned by the guest OSes, yet all VMs maintain connectivity, and we now have the ability to route specific IPs at host level so that all VMs are only allowed one IP address that's been allocated and configured using the VM-level iptables.

NOTE: Part of the issue we had was when we ENABLE IP filter at VM level; this needs to be disabled, all rules set to drop, then add the allow IN/OUT rules including the allocated IP address in the appropriate source/destination options. The other half of the problem was allowing the IP range traffic OUT.

Like anything, the configuration will be unique for most depending on what they have in mind. I'm all for sharing information, although it seems I've not often found answers here on the forum, and the recent attacks on our systems leave us hesitant to share specifics.
 
ALSO one thing to note: when doing port scans from a guest OS, it used to show our server IP in TRACEROUTE. NOW we are transparent to the guest OS, and our only IP link is our VPN, which also runs on a Proxmox VPS which is set to start on boot with the host machine, and root login for SSH is disabled.
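Added example, not part of the posts above and not Proxmox's own code: a Python check that reads a guest firewall file and reports where it departs from the layout described in the post (firewall enabled, IP filter off, both policies DROP, every ACCEPT rule pinned to the allocated address). The `.fw` sample, the address 192.0.2.10 and the function names `parse_fw` and `audit_guest` are constructed for illustration; the post gives no real values.

```python
import ipaddress

# Constructed sample of a guest file (/etc/pve/firewall/<VMID>.fw); 192.0.2.10
# is a documentation address, the post itself gives no addresses.
SAMPLE_VM_FW = """\
[OPTIONS]
enable: 1
ipfilter: 0
policy_in: DROP
policy_out: DROP

[RULES]
IN ACCEPT -dest 192.0.2.10 -log nolog
OUT ACCEPT -source 192.0.2.10 -log nolog
OUT ACCEPT -p udp -dport 53
|OUT ACCEPT -source 192.0.2.99
"""

def parse_fw(text):
    """Return (options dict, enabled rules as token lists) from a .fw file."""
    section, options, rules = None, {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").split()[0].upper()
        elif section == "OPTIONS" and ":" in line:
            key, value = line.split(":", 1)
            options[key.strip()] = value.strip()
        elif section == "RULES" and not line.startswith("|"):  # "|" = disabled
            rules.append(line.split())
    return options, rules

def audit_guest(text, allocated_ip):
    """List where a guest file departs from the layout the post describes."""
    options, rules = parse_fw(text)
    options = {"ipfilter": "0", **options}  # ipfilter is off when unset
    want = ipaddress.ip_network(allocated_ip)
    findings = [f"{k} should be {v}" for k, v in
                (("enable", "1"), ("ipfilter", "0"),
                 ("policy_in", "DROP"), ("policy_out", "DROP"))
                if options.get(k) != v]
    for rule in rules:
        if len(rule) < 2 or rule[0] not in ("IN", "OUT") or "ACCEPT" not in rule[1]:
            continue
        flag = "-dest" if rule[0] == "IN" else "-source"
        value = rule[rule.index(flag) + 1] if flag in rule[:-1] else ""
        try:
            pinned = ipaddress.ip_network(value, strict=False) == want
        except ValueError:  # missing address, alias or ipset name
            pinned = False
        if not pinned:
            findings.append("not pinned to allocated IP: " + " ".join(rule))
    return findings
```

On the constructed sample, the only finding is the DNS rule that accepts outbound traffic without naming the allocated source address.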
 