Restrict access to a VM (all ports) to a whitelist IP list only

ATX

Nov 5, 2019
Hi

I am trying to achieve the following:
  • Only a certain list of IPs must be able to access the VM (80, 8080, but, in general, all ports).
  • IPs that are not in the list will have their packets DROP/REJECT.
The goal is to only allow access from two physical sites that do have a static IP address but no hardware to set up a VPN connection.

Could you please advise on how to do so? I have been playing with firewall options through the web UI but without success.


Thanks & Regards
 
You can take advantage of the fact that rules are processed top to bottom. For your use case, two rules should be sufficient (note the order):
  • in ACCEPT from IPSet 'whitelist' (which contains all IPs you want to whitelist)
  • in DROP/REJECT (no further settings, drop everything not matched above)
Use drag and drop to re-order rules in the GUI.
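
The two-rule setup from the reply above, written as a guest firewall file (an added example, not part of the original post). The VM ID 100, the IPSet contents (documentation-range addresses) and the comments are assumed placeholders.

```ini
# /etc/pve/firewall/100.fw   (100 = assumed VM ID)

[OPTIONS]
# The guest firewall only filters traffic when it is enabled here,
# on the VM's network device, and at datacenter level.
enable: 1

[IPSET whitelist]
# Constructed sample entries: one static IP per physical site.
192.0.2.10      # site A
198.51.100.20   # site B

[RULES]
# Rules are evaluated top to bottom and the first match wins.
# 1) Accept anything (all ports, all protocols) from the whitelist.
IN ACCEPT -source +whitelist
# 2) Drop everything that was not matched above.
IN DROP

# Reversed order would lock out the whitelisted sites as well,
# because the catch-all DROP would match before the ACCEPT:
#   IN DROP
#   IN ACCEPT -source +whitelist
```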
 
For a similar problem, I did the same configuration, but I had a DNS problem in the VM ...
 
So I have an OVH dedicated server. I installed Proxmox and created the bridge network; for every VM inside Proxmox I ordered an IP failover from OVH. At this step all is OK.
Then I wanted to restrict access to the created Proxmox VMs to only the OVH server, so I activated the firewall, and then the problem started.

I didn't add any special rule, just activated the firewall; now I can already access the Proxmox VMs only from the OVH server hosting Proxmox.
From the Proxmox VMs, I can ping, but no DNS:
 

[Attachment: 1.png]
For both, I am using OVH DNS 213.186.33.99
 

[Attachment: 1.png]
Yes, I even added these rules at host and VM level, but nothing
 

[Attachment: 1.png]
The only location where I have set the DNS is inside the Proxmox Windows VM, as I shared before, and at OVH server level
 
