[SOLVED] Ubuntu KVM VPS: iptables --ctstate RELATED,ESTABLISHED rule is broken; working on DigitalOcean but not in Proxmox

[johnnyutahh]

2020-09-22: SOLVED: #5

2020-09-21:

Anybody here (at forums.proxmox.com) have a take on this?

https://www.reddit.com/r/linuxadmin/comments/ixeky1/ubuntu_kvm_vps_iptables_ctstate/

 

[spirit]

Hi,
is it talking about iptables inside a guest vm ? (because it's nothing related to proxmox in this case, it's related to guest os kernel).

or about proxmox firewall ?

 

[johnnyutahh]

Hi,
is it talking about iptables inside a guest vm ? (because it's nothing related to proxmox in this case, it's related to guest os kernel).

It is discussing iptables only inside a guest, kvm-based VM, yes. Hence why I posted the primary inquiry to reddit.com/r/linuxadmin, and only a secondary inquiry here. And yes, I agree it does not appear to be related specifically to proxmox (because it's not a proxmox firewall)...

...except...

...the proxmox-LXC-container works just fine with the exact same firewall script, while the lvm-based VM does not. Granted, this still does not seem like a proxmox-specific problem, but this behavior is worth noting.

 

[spirit]

"iptables -A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"

are you sure to have "eth0" inside your guest ? (and not ens18 or other nic name) ?

 

[johnnyutahh]

FIXED: I was indeed specifying the incorrect interface name in the problematic rule. Fixing this (changing from eth0 to ens18 in our case) solved the problem. Thanks @spirit !

"iptables -A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"

are you sure to have "eth0" inside your guest ? (and not ens18 or other nic name) ?

Similar fix discussion:
https://www.reddit.com/r/linuxadmin...?utm_source=reddit&utm_medium=web2x&context=3