PVE 3 Web GUI Access Restriction

apmuthu

When we have many network interfaces (LAN or VLAN) on a Proxmox machine, we can access the WebGUI in PVE3 from any of them. This is especially so if we have an external firewall protecting it from the outside (WAN) but not from within the LAN, unless the firewall is a KVM inside it.

Assuming our primary interface is eth0 (192.168.1.10), the other interfaces we wish to restrict access from are eth1 (192.168.2.0/24) and eth2 (192.168.3.0/24), and our /etc/network/interfaces file looks like:

Code:
# network interface settings
auto lo
iface lo inet loopback

iface eth0 inet manual

iface eth1 inet manual

iface eth2 inet manual

auto vmbr0
iface vmbr0 inet static
    address  192.168.1.10
    netmask  255.255.255.0
    gateway  192.168.1.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

auto vmbr1
iface vmbr1 inet static
    address  192.168.2.10
    netmask  255.255.255.0
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

auto vmbr2
iface vmbr2 inet static
    address  192.168.3.10
    netmask  255.255.255.0
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0

Upload a file named /etc/default/pveproxy with the following contents to prevent other networks from barging in (see man pveproxy for details):
Code:
DENY_FROM="192.168.2.0/24,192.168.3.0/24"

Now restart with
Code:
/etc/init.d/pveproxy restart
 
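To check the result of the steps in the post above, the following added example (not part of the original post) parses the bridge addresses from /etc/network/interfaces and reports which attached subnets are fully covered by DENY_FROM. The function names are hypothetical, the inputs are constructed copies of the post's files, and only IPv4 CIDR entries in DENY_FROM are handled.

```python
import ipaddress
import re

# Constructed sample inputs mirroring the files shown in the post.
INTERFACES = """\
auto vmbr0
iface vmbr0 inet static
    address  192.168.1.10
    netmask  255.255.255.0

auto vmbr1
iface vmbr1 inet static
    address  192.168.2.10
    netmask  255.255.255.0

auto vmbr2
iface vmbr2 inet static
    address  192.168.3.10
    netmask  255.255.255.0
"""
PVEPROXY = 'DENY_FROM="192.168.2.0/24,192.168.3.0/24"\n'

def local_networks(text):
    """Map each static iface to its IPv4 network (address + netmask)."""
    nets, name, addr = {}, None, None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "iface":
            name, addr = fields[1], None
        elif fields[0] == "address" and name:
            addr = fields[1]
        elif fields[0] == "netmask" and name and addr:
            nets[name] = ipaddress.ip_network(f"{addr}/{fields[1]}", strict=False)
    return nets

def deny_list(text):
    """Parse the CIDR entries of DENY_FROM (assumption: IPv4 CIDR only)."""
    m = re.search(r'^DENY_FROM="([^"]*)"', text, re.M)
    entries = m.group(1).split(",") if m else []
    return [ipaddress.ip_network(e.strip()) for e in entries if e.strip()]

def audit(interfaces, pveproxy):
    """Return {iface: True if its whole subnet is covered by DENY_FROM}."""
    denied = deny_list(pveproxy)
    return {name: any(net.subnet_of(d) for d in denied)
            for name, net in local_networks(interfaces).items()}

if __name__ == "__main__":
    print(audit(INTERFACES, PVEPROXY))
```

An interface reported as `False` is attached to a subnet from which the GUI is still not denied; here that should be only vmbr0.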