pve-firewall enable dropped me out

T

tirili

Member
Sep 19, 2018
55
1
8
50
Having enabled via Datacenter>Firewall>Options Firewall enable did drop me out.
How can I change the /etc/pve/firewall/cluster.fw hence I do not have any access to my host now.
Any hints are welcome.
 
I know, this is always possible. But is there any way, having booted it into a rescue system and having access to the disks?
I ask, as /etc/pve is mounted via fuse, which is not available in rescue system.
 
tirili said:
I know, this is always possible. But is there any way, having booted it into a rescue system and having access to the disks?
I ask, as /etc/pve is mounted via fuse, which is not available in rescue system.
Click to expand...

you can disable the pve-firewall systemd service and reboot into the regular (non-rescue) environment
 
disabling the systemd service in rescue environment was possible.
Is there another way to change /etc/pve/firewall/cluster.fw from an rescue environment, and not to have disabling it?
 
tirili said:
disabling the systemd service in rescue environment was possible.
Is there another way to change /etc/pve/firewall/cluster.fw from an rescue environment, and not to have disabling it?
Click to expand...

you can also manually start pmxcfs, but that is potentially more dangerous.
 
turn it off and change the option that drops all in connections to allow, then you can re enable it
 
tirili said:
Having enabled via Datacenter>Firewall>Options Firewall enable did drop me out.
How can I change the /etc/pve/firewall/cluster.fw hence I do not have any access to my host now.
Any hints are welcome.
Click to expand...

Me too. Proxmox supposed to leave open 8006 and 22 ports, didnt it? Or before we activating datacenter's firewall, we must add these port rules?

(I'm only practising it, i don't lose any data. Only I want to know how to configure it properly.)

My Proxmox Version is : pve-manager/5.3-6/37b3c8df (running kernel: 4.15.18-9-pve)
My Debian Version is : 9.6
 
Last edited:
Mustafa YILDIZ said:
Me too. Proxmox supposed to leave open 8006 and 22 ports, didnt it? Or before we activating datacenter's firewall, we must add these port rules?

(I'm only practising it, i don't lose any data. Only I want to know how to configure it properly.)

My Proxmox Version is : pve-manager/5.3-6/37b3c8df (running kernel: 4.15.18-9-pve)
My Debian Version is : 9.6
Click to expand...

I found this:

https://pve.proxmox.com/wiki/Firewall

"If you enable the firewall, traffic to all hosts is blocked by default. Only exceptions is WebGUI(8006) and ssh(22) from your local network.
If you want to administrate your Proxmox VE hosts from remote, you need to create rules to allow traffic from those remote IPs to the web GUI (port 8006). You may also want to allow ssh (port 22), and maybe SPICE (port 3128).

Please open a SSH connection to one of your Proxmox VE hosts before enabling the firewall. That way you still have access to the host if something goes wrong .
To simplify that task, you can instead create an IPSet called “management”, and add all remote IPs there. This creates all required firewall rules to access the GUI from remote."
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back