Restrict access to LAN

johnha

I'm experimenting with the Security Group feature for the first time. I've read the documentation but can't quite put my finger on it...
I have a KVM running LMDE and want it to be able to access the internet, but not any devices on the LAN. The use case is to give users linux virtual machines to experiment on, but not allow them access to my LAN.

I created a new security group with the GUI using:
Direction: out
Action: DROP
Interface: net0 (from the Hardware tab)
Source: blank
Destination: 192.168.1.0/24
Protocol: blank

But that doesn't seem to work... I've tried with Protocol TCP and UDP as well to no avail...
Any help would be appreciated for this newbie question. Thanks!
 
hi,

> The use case is to give users linux virtual machines to experiment on, but not allow them access to my LAN.
in my opinion it would make more sense to either
* add drop rules for that in the VM firewalls (maybe you forgot to activate the group inside there?)
or
* set up a firewall VM like pfsense for managing your subnet(s)

> I'm experimenting with the Security Group feature for the first time. I've read the documentation but can't quite put my finger on it...
please post the rules from /etc/pve/firewall/cluster.fw file here and the VM's firewall rules from /etc/pve/firewall/<VMID>.fw [0]

[0]: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pve_firewall_security_groups
 
Thank you for your response @oguz

Code:
root@pve:~# cat /etc/pve/firewall/cluster.fw
[group ssh-in]

IN SSH(ACCEPT) -log nolog

[group windows-lock]

OUT DROP -log nolog

root@pve:~# cat /etc/pve/firewall/100.fw
[RULES]

OUT DROP -i net0 -dest 192.168.1.0/24 -log nolog
 
Code:
root@pve:~# cat /etc/pve/firewall/100.fw
[RULES]

OUT DROP -i net0 -dest 192.168.1.0/24 -log nolog

you didn't add the security group inside your VM config. see the link above in my previous post :)
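
Added example, not code from any poster in this thread or from Proxmox: a small Python check over the two files as posted above, reporting whether the firewall is switched on in each file's `[OPTIONS]`, which security groups from cluster.fw are not attached to the VM, and whether a direct rule drops egress to the LAN. The `enable: 1` option and the `GROUP <name>` rule line are pve-firewall file syntax from the Proxmox documentation; the function names and result keys are hypothetical.

```python
import ipaddress
import re

# The two files as posted in the thread, embedded as strings for an offline run.
CLUSTER_FW = "[group ssh-in]\n\nIN SSH(ACCEPT) -log nolog\n\n[group windows-lock]\n\nOUT DROP -log nolog\n"
VM_FW = "[RULES]\n\nOUT DROP -i net0 -dest 192.168.1.0/24 -log nolog\n"

def parse_fw(text):
    """Split a firewall file into {lowercased section name: [rule/option lines]}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = " ".join(header.group(1).lower().split())
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def enabled(sections):
    """True when [OPTIONS] contains 'enable: 1'."""
    return any(re.fullmatch(r"enable:\s*1", l) for l in sections.get("options", []))

def covers_lan(rule, lan):
    """True for an OUT DROP/REJECT rule whose literal -dest network contains the LAN."""
    f = rule.split()
    if f[:1] != ["OUT"] or f[1:2] not in (["DROP"], ["REJECT"]) or "-dest" not in f[:-1]:
        return False
    try:
        dest = ipaddress.ip_network(f[f.index("-dest") + 1], strict=False)
    except ValueError:  # alias or ipset name, not a literal network
        return False
    return lan.version == dest.version and lan.subnet_of(dest)

def audit(cluster_text, vm_text, lan="192.168.1.0/24"):
    """Compare cluster.fw and <VMID>.fw; group names are matched case-insensitively."""
    cluster, vm = parse_fw(cluster_text), parse_fw(vm_text)
    rules = vm.get("rules", [])
    defined = {name.split(" ", 1)[1] for name in cluster if name.startswith("group ")}
    used = {r.split()[1].lower() for r in rules if re.match(r"GROUP\s+\S", r, re.I)}
    return {
        "cluster_enabled": enabled(cluster),
        "vm_enabled": enabled(vm),
        "groups_not_attached": sorted(defined - used),
        "groups_undefined": sorted(used - defined),
        "lan_drop_rule": any(covers_lan(r, ipaddress.ip_network(lan)) for r in rules),
    }
```

On the files posted in the thread, `audit(CLUSTER_FW, VM_FW)` reports both groups as not attached and no `enable: 1` in either file, while the direct drop rule for 192.168.1.0/24 is present.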