Restrict Proxmox UI to single IP

Nodemansland

New Member
Nov 1, 2024
2
0
1
Hello! I'm running a proxmox server in a dedicated server environment and I would like to only access the management UI via WireGuard tunnel. My question is how can I limit access via IP only to the proxmox management UI but leave my VM's still exposed to the internet? Thanks for the help~
 
I set the pveproxy file to read: LISTEN_IP="1.2.3.4" saved it, restarted pveproxy and spiceproxy, connected to the VPN and I was unable to connect from my VPN or any other IP...

I've found a work around to use the firewall to allow the VPN only, But I am just wondering what the benefits are using the method above vs the firewall? Thank you again for the help!
 
Last edited:
Having LISTEN_IP set to 0.0.0.0 means that the daemons will listen on the ports (e.g. 8006/tcp for the Web UI) on all interfaces. Setting it to a specific interface IP results in the daemons only listening to the ports on that specific IP, which means that there is no need to block traffic on other interfaces using a Firewall (that last part is very much simplified)

Both methods achieve the same goal in different ways (blocking incoming traffic vs. not listening to the port in the first place)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!