Restrict access to LAN

johnha

Jan 1, 2018
I'm experimenting with the Security Group feature for the first time. I've read the documentation but can't quite put my finger on it...
I have a KVM running LMDE and want it to be able to access the internet, but not any devices on the LAN. The use case is to give users linux virtual machines to experiment on, but not allow them access to my LAN.

I created a new security group with the GUI using:
Direction: out
Action: DROP
Interface: net0 (from the Hardware tab)
Source: blank
Destination: 192.168.1.0/24
Protocol: blank

But that doesn't seem to work... I've tried with Protocol TCP and UDP as well to no avail...
Any help would be appreciated for this newbie question. Thanks!
 
hi,

> The use case is to give users linux virtual machines to experiment on, but not allow them access to my LAN.
in my opinion it would make more sense to either
* add drop rules for that in the VM firewalls (maybe you forgot to activate the group inside there?)
or
* set up a firewall VM like pfsense for managing your subnet(s)

> I'm experimenting with the Security Group feature for the first time. I've read the documentation but can't quite put my finger on it...
please post the rules from /etc/pve/firewall/cluster.fw file here and the VM's firewall rules from /etc/pve/firewall/<VMID>.fw [0]

[0]: https://pve.proxmox.com/pve-docs/pve-admin-guide.html#pve_firewall_security_groups
 
Thank you for your response @oguz

Code:
root@pve:~# cat /etc/pve/firewall/cluster.fw
[group ssh-in]

IN SSH(ACCEPT) -log nolog

[group windows-lock]

OUT DROP -log nolog

root@pve:~# cat /etc/pve/firewall/100.fw
[RULES]

OUT DROP -i net0 -dest 192.168.1.0/24 -log nolog
 
Code:
root@pve:~# cat /etc/pve/firewall/100.fw
[RULES]

OUT DROP -i net0 -dest 192.168.1.0/24 -log nolog

you didn't add the security group inside your VM config. see the link above in my previous post :)
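The following check is an added example, not part of the thread or of Proxmox itself. It parses the two files as posted above (blank lines trimmed) and reports which security groups defined in cluster.fw are never applied by a `GROUP` rule in the VM's file, and whether `enable: 1` appears under `[OPTIONS]`. The function names `parse_fw`, `is_enabled` and `audit` are hypothetical.

```python
import re

# File contents as posted in the thread above.
CLUSTER_FW = """[group ssh-in]
IN SSH(ACCEPT) -log nolog

[group windows-lock]
OUT DROP -log nolog
"""
VM_FW = """[RULES]
OUT DROP -i net0 -dest 192.168.1.0/24 -log nolog
"""

def parse_fw(text):
    """Return {lowercased section header: [rule/option lines]} for a .fw file."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = " ".join(header.group(1).lower().split())
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def is_enabled(sections):
    """True only if the [OPTIONS] section carries 'enable: 1'."""
    return any(re.fullmatch(r"enable\s*:\s*1", opt.lower())
               for opt in sections.get("options", []))

def audit(cluster_text, vm_text):
    """Compare groups defined cluster-wide with groups the VM actually applies."""
    cluster, vm = parse_fw(cluster_text), parse_fw(vm_text)
    defined = {h.split(" ", 1)[1] for h in cluster if h.startswith("group ")}
    applied = set()
    for rule in vm.get("rules", []):
        fields = rule.split()
        # A rule disabled with a leading "|" starts with "|GROUP" and is skipped.
        if len(fields) >= 2 and fields[0].upper() == "GROUP":
            applied.add(fields[1].lower())
    return {
        "unreferenced_groups": sorted(defined - applied),
        "undefined_groups": sorted(applied - defined),
        "vm_firewall_enabled": is_enabled(vm),
        "cluster_firewall_enabled": is_enabled(cluster),
    }

if __name__ == "__main__":
    print(audit(CLUSTER_FW, VM_FW))
```

The check covers only the two .fw files; the per-NIC `firewall=1` flag is stored in the VM's own configuration and is not inspected here.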
 
