Traffik between nodes using external port 8006


Renowned Member
Apr 6, 2011

I have a 7 nodes cluster communicating with a private network.
I just noticed there's a connection between a random port of one of them to the public IP of another on port 8006:

14:34:52.461001 IP node5public.47128 > node3public.8006: Flags [.], ack 49438, win 501, options [nop,nop,TS val 520091568 ecr 6844307], length 0

# ss -tp | grep 47128
ESTAB      0      0               node5public:47128             node3public:8006                 users:(("pveproxy worker",pid=27646,fd=12))

Is it to be expected? what is this connection for?

Thanks in advance

Is it to be expected? what is this connection for?
First, I don't know, but if I would be tasked to inspect, I would record the traffic via tcpdump, open in wireshark and use the PVE internal SSL certificates to try to break the encrypted packages. If this is already TLS 1.3, I would try to inject into the perl server some debugging stuff to get the session keys in order to break the encryption.

it seems that post was simply overlooked.

to answer the initial question
Is it to be expected? what is this connection for?
when an api call for node 'A' reaches node 'B', that node 'B' proxies the connection to node 'A', which actually does the work and sends the response back.
this way it does not really matter which node you reach with the api, it'll be always forwarded to the correct one


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!