Hello! I'm running a proxmox server in a dedicated server environment and I would like to only access the management UI via WireGuard tunnel. My question is how can I limit access via IP only to the proxmox management UI but leave my VM's still exposed to the internet? Thanks for the help~
Restrict Proxmox UI to single IP
- Thread starter Nodemansland
- Start date
Either via the integrated firewall or another option could be to specify the IP address on which the pveproxy service should listen on: https://pve.proxmox.com/pve-docs/pveproxy.8.html#pveproxy_listening_address
I set the pveproxy file to read: LISTEN_IP="1.2.3.4" saved it, restarted pveproxy and spiceproxy, connected to the VPN and I was unable to connect from my VPN or any other IP...
I've found a work around to use the firewall to allow the VPN only, But I am just wondering what the benefits are using the method above vs the firewall? Thank you again for the help!
I've found a work around to use the firewall to allow the VPN only, But I am just wondering what the benefits are using the method above vs the firewall? Thank you again for the help!
Last edited:
Having LISTEN_IP set to 0.0.0.0 means that the daemons will listen on the ports (e.g. 8006/tcp for the Web UI) on all interfaces. Setting it to a specific interface IP results in the daemons only listening to the ports on that specific IP, which means that there is no need to block traffic on other interfaces using a Firewall (that last part is very much simplified)
Both methods achieve the same goal in different ways (blocking incoming traffic vs. not listening to the port in the first place)
Both methods achieve the same goal in different ways (blocking incoming traffic vs. not listening to the port in the first place)
