PVE Apache service listening on all address and ipv6

[Dcn]

Dear readers,

I recently decided to test PVE and enjoy for the moment.

However, I experience troubles while installing pfSense as a KVM.

For instance, the PVE apache daemon is listening on all IP address on port 80 and 443 on ALL IP addresses, which is then causing troubles when I want to access the configuration interface of PfSense

I already tried to change the VirtualHost configuration of PVE by replacing *:80 and *:443 by 192.168.1.1:80 (same for 443) without any success yet.

Second issue is also that apache seems to listen on ipv6, and therefore on ipv4 as well:

proxmox:/boot# netstat -anp |grep apache
tcp6 0 0 :::80 :::* LISTEN 2627/apache2
tcp6 0 0 :::443 :::* LISTEN 2627/apache2

Yes I did restart apache and PVE, nothing has changed.

Any hint?

 

[Dcn]

Got my answers, sorry for asking stupid things

 

[bread-baker]

well could you post your solution, please, so that others will know the answer if they search and find this thread.

thanks

 

[Dcn]

Sure I will give my 2 cts.

So regarding the apache listening on all IP addresses, I changed /etc/apache/sites-available/pve.conf

Line 114: changed <VirtualHost *:443> to <VirtualHost 192.168.0.100:443>
Line 127: changed <VirtualHost *:80> to <VirtualHost 192.168.0.100:80>

I also changed the content of /etc/apache2/ports.conf to:
Listen 192.168.0.100:80
Listen 192.168.0.100:443

and finaly I decided to disable IPV6 by adding the following line to the bridge interface supporting the LAN connection:
auto vmbr0
iface vmbr0 inet static
address 192.168.0.100
netmask 255.255.255.0
gateway 192.168.0.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

So now I'm able to access my pfSense admin interface using http/s.

My final problem is not solved yet since I did not succeed in running pfSense with 2 NIC ( I read also the whole forum without going much further, still investigating...)

 

[bread-baker]

did you check this thread:
http://forum.proxmox.com/threads/658-2-nics-on-one-KVM

 

[Dcn]

Yes I checked it but the discussed solution does not work for me.

I would like to use eth1 (so vmbr1) as the WAN interface of pfSense but then I should receive the IP address using DHCP. This address never come.
It sounds like the problem were having several MAC addresses on one cable upset ISP but I tried puttinh the same MAC addr to both eth1 and vmbr1 without success yet.

 

[apmuthu]

Should the following line in your post:

Line 127: changed <VirtualHost *:80> to <VirtualHost 192.168.0.150:80>

be

Line 127: changed <VirtualHost *:80> to <VirtualHost 192.168.0.[B]100[/B]:80>

 

[bread-baker]

I think that a firewall/router [ pfsense ] should be the only computer directly connected to the internet . and the other computers would have lan i/p addresses. I am far from an expert , but that is how we have used pfsense for years.

pfsense is the gateway .

 

[Dcn]

You are absolutely right. Fixed.

 

[Dcn]

You are right, this is a best practice to isolate the firewall.
However, I'm mainly testing solutions right now, and although I do have a firewall for my real network I would like to actually test having a firewall inside a VM