Restrict access to a VM (all ports) to a whitelist IP list only

ATX (New Member) · Nov 5, 2019
Hi

I am trying to achieve the following:
  • Only a certain list of IPs must be able to access the VM (80, 8080, but, in general, all ports).
  • IPs that are not in the list will have their packets DROPped/REJECTed.
The goal is to only allow access from two physical sites that do have a static IP address but not the hardware to set up a VPN connection.

Could you please advise on how to do so? I have been playing with firewall options through the web UI but without success.


Thanks & Regards
 
You can take advantage of the fact that rules are processed top to bottom. For your use case, two rules should be sufficient (note the order):
  • in ACCEPT from IPSet 'whitelist' (which contains all IPs you want to whitelist)
  • in DROP/REJECT (no further settings; drops everything not matched above)
Use drag and drop to re-order rules in the GUI.
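The same two-rule setup written as the VM's firewall configuration file, which the GUI edits (added here as an example, not taken from the thread); the file path uses the VM's numeric ID and the IP addresses are constructed placeholders:

```ini
# /etc/pve/firewall/<vmid>.fw  (replace <vmid> with the VM's numeric ID)
# The firewall must also be enabled at datacenter level and on the VM's NIC.

[OPTIONS]
enable: 1
# Default for incoming traffic not matched by any rule below.
policy_in: DROP
policy_out: ACCEPT

[IPSET whitelist]
# Static addresses of the two sites (constructed example values).
# Add the address you administer the VM from as well, or you lock yourself out.
203.0.113.10
198.51.100.0/29

[RULES]
# Evaluated top to bottom; the first matching rule wins.
# 1. Accept every port from members of the 'whitelist' IPSet.
IN ACCEPT -source +whitelist -log nolog
# 2. Drop everything else (explicit, as in the reply above; policy_in would also catch it).
IN DROP
```

Check the result from a whitelisted and a non-whitelisted address before relying on it; `pve-firewall compile` on the host prints the generated rules.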
 
For a similar problem, I did the same configuration, but I had a DNS problem in the VM ...
 
So I have an OVH dedicated server, I installed Proxmox, created the bridge network, for every VM inside Proxmox I ordered an IP failover from OVH; at this step all is OK.
Then I wanted to restrict access to the created Proxmox VMs only from the OVH server, so I activated the firewall, then the problem started.

I didn't add any special rule, just activated the firewall; now I can already access the Proxmox VMs only from the OVH server hosting Proxmox.
From the Proxmox VMs, I can ping, but no DNS:
 

[Attachment: 1.png]
For both, I am using the OVH DNS 213.186.33.99.
 

[Attachment: 1.png]
Yes, I even added these rules at host and VM level, but nothing.
 

[Attachment: 1.png]
The only locations where I have set the DNS are inside the Proxmox Windows VM I shared before, and at the OVH server level.