PVE-Firewall and PVE-Proxy, unable to access WebGUI

Jul 20, 2021
I've looked at the forum post:
https://forum.proxmox.com/threads/pve-firewall-and-gui-access.88720/

This is essentially identical to my issue.

To speed things up, I wanted to provide the discovery information that is typically requested.

ss -antlp:
Importantly, we are seeing "*:8006"
Code:
LISTEN                0                     4096                                               *:8006                                             *:*                    users:(("pveproxy worker",pid=270420,fd=6),("pveproxy worker",pid=270419,fd=6),("pveproxy worker",pid=270418,fd=6),("pveproxy",pid=270417,fd=6))

cat /etc/hosts
Code:
127.0.0.1 localhost.localdomain localhost
192.168.250.231 esx2.virtualhost.me esx2

cat /etc/pve/nodes/esx2/host.fw
Code:
[RULES]

IN ACCEPT -p tcp -dport 4081 -log nolog # Virtualizor -
IN ACCEPT -p tcp -dport 4082 -log nolog # Virtualizor -
IN ACCEPT -p tcp -dport 4083 -log nolog # Virtualizor -
IN ACCEPT -p tcp -dport 4084 -log nolog # Virtualizor - HTTP
IN ACCEPT -p tcp -dport 4085 -log nolog # Virtualizor - HTTPS


Environment Info:
Proxmox VE 7.0-1

Virtualizor installed: [version 3.0.6]
(This still works perfectly fine)

NeoRouter installed: (similar to LogMeIn Hamachi; meets ZeroTier) [version 2.6.2.5020]
(This still works perfectly fine)

The system worked (survived) several reboots, but I'm unable to access the Web-Gui.

Troubleshooting:
I have tried disabling NeoRouter, which uses a nrtap interface.
Shutting down the firewall:
Code:
pve-firewall stop

Restarting the pveproxy (GUI):
Code:
service pveproxy restart

But I'm still unable to access the system's administrative web portal at https://IPADDRESS:8006

For good measure, I did add the suggested fix there into the firewall: (I just removed the interface restriction and IP address binding requirements)
nano /etc/pve/nodes/esx2/host.fw
Code:
IN ACCEPT -p tcp -dport 8006 -log nolog # TCP ADMIN HTTPS ACCESS
IN ACCEPT -p udp -dport 8006 -log nolog # UDP ADMIN HTTPS ACCESS

Then enabled/restarted the firewall, as well as the proxy.

Interface List:
ip addr
Code:
root@esx2:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether ac:1f:6b:56:70:12 brd ff:ff:ff:ff:ff:ff
3: enp1s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ac:1f:6b:56:70:13 brd ff:ff:ff:ff:ff:ff
4: enp6s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ac:1f:6b:56:70:14 brd ff:ff:ff:ff:ff:ff
5: enp6s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether ac:1f:6b:56:70:15 brd ff:ff:ff:ff:ff:ff
6: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ac:1f:6b:56:70:12 brd ff:ff:ff:ff:ff:ff
    inet 192.168.250.231/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::ae1f:6bff:fe56:7012/64 scope link
       valid_lft forever preferred_lft forever
9: nrtap: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1300 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether d2:ed:e3:b2:19:9a brd ff:ff:ff:ff:ff:ff
    inet 100.65.0.37/22 brd 100.65.3.255 scope global nrtap
       valid_lft forever preferred_lft forever
    inet6 fe80::6041:a9ff:fea8:c15e/64 scope link
       valid_lft forever preferred_lft forever

cat /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface enp1s0f0 inet manual

iface enp1s0f1 inet manual

iface enp6s0f0 inet manual

iface enp6s0f1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.250.231/24
        gateway 192.168.250.1
        bridge-ports enp1s0f0
        bridge-stp off
        bridge-fd 0
 
I cannot access locally via its external IP:
192.168.250.231

Or its tunnel interface IP:
100.65.0.37

However, on both I can access other applications running on that system:
For example, SSH logins, or access to Virtualizor.
This works from either subnet.