Vlan Firewall (possible) bug?

onepamopa

Dec 1, 2019
Hey guys, I think there is a bug @ PVE's firewall when doing vlans.

Here's my setup:
Home "server" - PVE 6.2-4 - only has 1 Ethernet interface.

1. Mikrotik router connected to fiber-ONT bridged port - gets an external IP via DHCP and does nat / masq on 192.168.100.0/24 for the internal network.

2. Mikrotik also has a tagged "Vlan 2" reachable from all ports - that does bridge to the outside, so anyone tagged in Vlan 2 is able to get an external IP address from the ISP (bypassing Mikrotik).

3. The PVE host and 3 of the VMs get IPs from the Mikrotik router - 192.168.100.0/24 - all OK here.

4. I have 2 VMs that need external IPs, so I place their network interfaces in Vlan 2 and they are able to receive an external IP, and communicate normally.

The firewall on the VMs with interfaces in Vlan 2 doesn't work at all. I've tried everything I could think of, none of the rules do anything.
I've tried adding interface net0 to the rules, however, that did nothing.

Does anyone have any idea why in this setup type the firewall doesn't work at all, and, how to make it work?

Let me know if you need more information.

Regards,
D
 
Yes, all works okay, it was my fault :) In any case, if anyone is interested in a similar setup - let me know and I'll show you the mikrotik config.
 
