PVE-Firewall and PVE-Proxy, unable to access WebGUI

Jul 20, 2021
I've looked at the forum post:
https://forum.proxmox.com/threads/pve-firewall-and-gui-access.88720/

This is essentially identical to my issue.

To speed things up, I wanted to provide the discovery information that is typically requested.

ss -antlp:
We are importantly seeing "*:8006"
Code:
LISTEN                0                     4096                                               *:8006                                             *:*                    users:(("pveproxy worker",pid=270420,fd=6),("pveproxy worker",pid=270419,fd=6),("pveproxy worker",pid=270418,fd=6),("pveproxy",pid=270417,fd=6))

cat /etc/hosts
Code:
127.0.0.1 localhost.localdomain localhost
192.168.250.231 esx2.virtualhost.me esx2

cat /etc/pve/nodes/esx2/host.fw
Code:
[RULES]

IN ACCEPT -p tcp -dport 4081 -log nolog # Virtualizor -
IN ACCEPT -p tcp -dport 4082 -log nolog # Virtualizor -
IN ACCEPT -p tcp -dport 4083 -log nolog # Virtualizor -
IN ACCEPT -p tcp -dport 4084 -log nolog # Virtualizor - HTTP
IN ACCEPT -p tcp -dport 4085 -log nolog # Virtualizor - HTTPS


Environment Info:
Proxmox VE 7.0-1

Virtualizor installed: [version 3.0.6]
(This still works perfectly fine)

NeoRouter installed: (similar to LogMeIn Hamachi; meets ZeroTier) [version 2.6.2.5020]
(This still works perfectly fine)

The system worked (survived) several reboots, but I'm unable to access the Web-Gui.

Troubleshooting:
I have tried disabling NeoRouter, which uses an nrtap interface.
Shutting down the firewall:
Code:
pve-firewall stop

Restarting the pveproxy (GUI):
Code:
service pveproxy restart

But I'm still unable to access the system's administrative web portal at https://IPADDRESS:8006

For good measure I did add the suggested fix there into the firewall: (I just removed the interface restriction and the IP address binding requirements)
nano /etc/pve/nodes/esx2/host.fw
Code:
IN ACCEPT -p tcp -dport 8006 -log nolog # TCP ADMIN HTTPS ACCESS
IN ACCEPT -p udp -dport 8006 -log nolog # UDP ADMIN HTTPS ACCESS

Then enabled/restarted the firewall, as well as the proxy.

Interface List:
ip addr
Code:
root@esx2:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether ac:1f:6b:56:70:12 brd ff:ff:ff:ff:ff:ff
3: enp1s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ac:1f:6b:56:70:13 brd ff:ff:ff:ff:ff:ff
4: enp6s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ac:1f:6b:56:70:14 brd ff:ff:ff:ff:ff:ff
5: enp6s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ac:1f:6b:56:70:15 brd ff:ff:ff:ff:ff:ff
6: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ac:1f:6b:56:70:12 brd ff:ff:ff:ff:ff:ff
    inet 192.168.250.231/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::ae1f:6bff:fe56:7012/64 scope link
       valid_lft forever preferred_lft forever
9: nrtap: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1300 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether d2:ed:e3:b2:19:9a brd ff:ff:ff:ff:ff:ff
    inet 100.65.0.37/22 brd 100.65.3.255 scope global nrtap
       valid_lft forever preferred_lft forever
    inet6 fe80::6041:a9ff:fea8:c15e/64 scope link
       valid_lft forever preferred_lft forever

cat /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface enp1s0f0 inet manual

iface enp1s0f1 inet manual

iface enp6s0f0 inet manual

iface enp6s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.250.231/24
        gateway 192.168.250.1
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0
 
I cannot access locally via its external IP:
192.168.250.231

Or its tunnel interface IP:
100.65.0.37

However, on both I can access other applications running on that system:
For example, SSH logins or access to Virtualizor.
This works from either subnet.
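
An added example (not part of the original post): a Python cross-check of the two pieces of evidence gathered above, reporting which address each `ss -antlp` listener is bound to and whether `host.fw` carries an explicit `IN ACCEPT` TCP rule for its port. The sample inputs are constructed in the shape of the post's output; the function names, the `sshd` line and the `exampled` process are assumptions, and only single-port rules in this one file are read, not any other rule source.

```python
import re
# Constructed sample inputs, shaped like the `ss -antlp` and host.fw output in the post.
SS_SAMPLE = '''\
LISTEN 0 4096 *:8006 *:* users:(("pveproxy worker",pid=270420,fd=6),("pveproxy",pid=270417,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1001,fd=3))
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("exampled",pid=1002,fd=5))
'''
FW_SAMPLE = '''\
[RULES]
IN ACCEPT -p tcp -dport 4084 -log nolog # Virtualizor - HTTP
IN ACCEPT -p tcp -dport 8006 -log nolog # TCP ADMIN HTTPS ACCESS
IN ACCEPT -p udp -dport 8006 -log nolog # UDP ADMIN HTTPS ACCESS
'''

def parse_listeners(ss_text):
    """Return (scope, port, process) for every LISTEN line of `ss -antlp`."""
    found = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = fields[3].rsplit(":", 1)
        addr = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        scope = ("all-interfaces" if addr in ("*", "0.0.0.0", "::")
                 else "loopback-only" if addr.startswith("127.") or addr == "::1"
                 else "bound-to:" + addr)
        proc = re.search(r'\(\("([^"]+)"', line)  # first process name in users:((...))
        found.append((scope, int(port), proc.group(1) if proc else "?"))
    return found

def explicit_tcp_accepts(fw_text):
    """Ports with an explicit `IN ACCEPT -p tcp -dport N` rule under [RULES]."""
    ports, section = set(), None
    for raw in fw_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # text after '#' is a comment
        if line.startswith("["):
            section = line.strip("[]").upper()
        tok = line.split()
        if section != "RULES" or tok[:2] != ["IN", "ACCEPT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # option/value pairs
        if opts.get("-p") == "tcp" and opts.get("-dport", "").isdigit():
            ports.add(int(opts["-dport"]))
    return ports

def audit(ss_text, fw_text):
    # Pair each listener with whether host.fw explicitly accepts its TCP port.
    allowed = explicit_tcp_accepts(fw_text)
    return [(port, proc, scope, port in allowed)
            for scope, port, proc in parse_listeners(ss_text)]
```

A listener reported as `all-interfaces` with an explicit accept, as port 8006 is here, shows that neither the bind address nor a missing rule in this file explains a failed connection, so the next check belongs elsewhere on the path.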