Public Facing Proxmux VE

oemb1905

New Member
Jun 18, 2023
10
1
1
What is the Proxmux team's opinion on exposing VE publicly? I am seeing differing opinions online about this. Some argue it's no threat whatsoever so long as the instance is properly configured while others mention keeping VE behind, for example, pfsense. I searched "public facing" and some other terms on these forums, but did not locate clear guidance on this topic. Feedback appreciated.

Also, I am plenty experienced on this topic, in general. I don't need everyone's personal opinions - I just want to know what the Proxmux team's official guidance is on this.
 
“In that case the only way to get outgoing network accesses for your guest
systems is to use Masquerading. For incoming network access to your guests,
you will need to configure Port Forwarding.”

page 35 of the manual… proxmox Ve server at hosting provider with a single public Ip address

hoping it's useful ;)
 
I appreciate you chiming in, but I don't have a single IP address, though, I have about 50 or so IPs and it would join another rig at a proper data center. Failing to see why I would need masquerading - pretty sure I could just set up a bridge. And, also, that's off topic ... this post is about whether the proxmux team considers exposing the VE to the public, i.e., public facing, to be a security risk or a less than ideal scenario.
 
Hi,

Anything exposed on the Internet is a risk.
Nothing is safe 100%. Even if it will be a soft 100% safe, it is possible that at a some point the admin to make a mistake... we are not robots, and you can have a bad day.

So it is wise to lower the attack surface, this cand be done in many ways, a firewall, a vpn, and so on.

Good luck / Bafta!
 
  • Like
Reactions: _gabriel