Hi everyone,
I have enabled the firewall of PVE. Before I enabled it, I have followed the instructions in PVE Wiki - Firewall, including set
Also, I have used
What is even stranger is that not every connection is blocked when the firewall is activated. Sometimes I can successfully connect to the web GUI, but I can't get the JS file; sometimes I can't use the VM Console, and in some cases, I can't even log in. The browser would tell me "connection timeout". But if I close the firewall, all these problems gone. I'm not sure what the exact problem is. Do I have the wrong firewall settings or there is another mistake?
Does anyone have any suggestions?
Here is my server information:
Also, attached is the current firewall rule, the result of
I have enabled the firewall of PVE. Before I enabled it, I have followed the instructions in PVE Wiki - Firewall, including set
8006/tcp, 5900-5999/tcp, 22/tcp, 5404-5405/udp accept in datacenter level and host level.Also, I have used
pve-firewall simulate command to check whether my PC IP can pass the firewall or not. The result said "Action: ACCEPT", but I'm still not able to visit web GUI.What is even stranger is that not every connection is blocked when the firewall is activated. Sometimes I can successfully connect to the web GUI, but I can't get the JS file; sometimes I can't use the VM Console, and in some cases, I can't even log in. The browser would tell me "connection timeout". But if I close the firewall, all these problems gone. I'm not sure what the exact problem is. Do I have the wrong firewall settings or there is another mistake?
Does anyone have any suggestions?
Here is my server information:
Code:
proxmox-ve: 7.1-1 (running kernel: 5.13.19-1-pve)
pve-manager: 7.1-4 (running version: 7.1-4/ca457116)
pve-kernel-5.13: 7.1-4
pve-kernel-helper: 7.1-4
pve-kernel-5.11: 7.0-10
pve-kernel-5.13.19-1-pve: 5.13.19-2
pve-kernel-5.11.22-7-pve: 5.11.22-12
pve-kernel-5.11.22-4-pve: 5.11.22-9
pve-kernel-5.11.22-1-pve: 5.11.22-2
ceph: 16.2.6-pve2
ceph-fuse: 16.2.6-pve2
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown2: 3.1.0-1+pmx3
ksm-control-daemon: 1.4-1
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.0
libproxmox-backup-qemu0: 1.2.0-1
libpve-access-control: 7.1-1
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.0-14
libpve-guest-common-perl: 4.0-3
libpve-http-server-perl: 4.0-3
libpve-storage-perl: 7.0-15
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.9-4
lxcfs: 4.0.8-pve2
novnc-pve: 1.2.0-3
proxmox-backup-client: 2.0.14-1
proxmox-backup-file-restore: 2.0.14-1
proxmox-mini-journalreader: 1.2-1
proxmox-widget-toolkit: 3.4-2
pve-cluster: 7.1-2
pve-container: 4.1-2
pve-docs: 7.1-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.3-3
pve-ha-manager: 3.3-1
pve-i18n: 2.6-1
pve-qemu-kvm: 6.1.0-2
pve-xtermjs: 4.12.0-1
qemu-server: 7.1-3
smartmontools: 7.2-1
spiceterm: 3.2-2
swtpm: 0.7.0~rc1+2
vncterm: 1.7-1
zfsutils-linux: 2.1.1-pve3Also, attached is the current firewall rule, the result of
iptable-save. All internal IP address in that file has been masked.