Hi, I'm new to Proxmox VE and recently I moved from the UFW firewall to the internal Proxmox firewall.
Currently this is my situation:
-Datacenter: input policy: drop; output policy: accept; forward policy: accept.
Security groups:
srv-c: direction: in, action: accept, macro: Ping, DNS, NTP, Web, SMB.
srv-cups: direction: in, action: accept, protocol: tcp, d-port: 631
-Node:
1) & 2) direction: in, action: accept, interface: vmbr0, source: 192.168.4.0/24, d-port 8006, 256
3) Security group: srv-c
Initially all my services were working, but I was concerned about how secure the whole network was, so I decided to move on from UFW to Proxmox's native firewall system, but unfortunately now I cannot reach my Debian 13 VM which I used as a printing server.
Currently I have two networks:
1) 192.168.1.0/24
2) 192.168.4.0/24
The Proxmox IP address is 192.168.4.20/24, while the VM is 192.168.4.23/24. I was actually dumbfounded when I discovered that other services running inside containers like Jellyfin and Immich were completely reachable. I'm able to ping the VM, the forwarding option inside /etc/sysctl.conf is enabled, but it seems that all of the VM services are reachable only inside Proxmox and not in the whole network.
SSH doesn't work unless I try and log in from the node. Strangely enough, when I try to reach CUPS from, for example, 192.168.4.64, not only is the connection refused, but SSH crashes and the only way to restore it is to perform a systemctl restart networking inside the VM.
For some reason if all the firewalls are disabled CUPS can be reached and SSH works just fine. For sure I messed up something.