Hi, I have a strange problem.
On hypervisor 1 I have this config in /etc/pve/firewall/cluster.fw
Code:
[OPTIONS]
enable: 1
ebtables: 1
[IPSET custom_ips_allow]
5.182.XXX.0/24 # NETWORK-infrastructure
5.182.YYY.0/24 # NETWORK-smtp1
[RULES]
IN ACCEPT -source +custom_ips_allow -log debug
On this hypervisor there are some VPSes.
VPS1 has one iface
virtio1 - public IP
virtio1 has an IP from range 5.182.XXX.0
VPS2 has two ifaces
virtio1 + virtio2 (both have a public IP)
virtio1 has an IP from range 5.182.XXX.0
virtio2 has an IP from range 5.182.YYY.0
When the firewall is turned off at cluster level (we have no cluster, only one node), everything works fine.
But when the FW is on, I am not able to ping from VPS1 to the VPS2 virtio2 iface (virtio1 is fine).
Other IPs from a remote site can ping and connect to VPS2 virtio2 fine in both cases.
Here are the PVE versions
Code:
proxmox-ve: 7.2-1 (running kernel: 5.15.35-1-pve)
pve-manager: 7.2-4 (running version: 7.2-4/ca9d43cc)
pve-kernel-5.15: 7.2-3
pve-kernel-helper: 7.2-3
pve-kernel-5.11: 7.0-10
pve-kernel-5.15.35-1-pve: 5.15.35-3
pve-kernel-5.11.22-7-pve: 5.11.22-12
pve-kernel-5.11.22-4-pve: 5.11.22-9
ceph-fuse: 14.2.21-1
corosync: 3.1.5-pve2
criu: 3.15-1+pve-1
glusterfs-client: 9.2-1
ifupdown: residual config
ifupdown2: 3.1.0-1+pmx3
libjs-extjs: 7.0.0-1
libknet1: 1.22-pve2
libproxmox-acme-perl: 1.4.2
libproxmox-backup-qemu0: 1.3.1-1
libpve-access-control: 7.1-8
libpve-apiclient-perl: 3.2-1
libpve-common-perl: 7.2-1
libpve-guest-common-perl: 4.1-2
libpve-http-server-perl: 4.1-2
libpve-storage-perl: 7.2-4
libspice-server1: 0.14.3-2.1
lvm2: 2.03.11-2.1
lxc-pve: 4.0.12-1
lxcfs: 4.0.12-pve1
novnc-pve: 1.3.0-3
proxmox-backup-client: 2.2.1-1
proxmox-backup-file-restore: 2.2.1-1
proxmox-mini-journalreader: 1.3-1
proxmox-widget-toolkit: 3.5.1
pve-cluster: 7.2-1
pve-container: 4.2-1
pve-docs: 7.2-2
pve-edk2-firmware: 3.20210831-2
pve-firewall: 4.2-5
pve-firmware: 3.4-2
pve-ha-manager: 3.3-4
pve-i18n: 2.7-2
pve-qemu-kvm: 6.2.0-7
pve-xtermjs: 4.16.0-1
qemu-server: 7.2-3
smartmontools: 7.2-pve3
spiceterm: 3.2-2
swtpm: 0.7.1~bpo11+1
vncterm: 1.7-1
zfsutils-linux: 2.1.4-pve1