Hey guys, I think there is a bug @ PVE's firewall when doing vlans.
Here's my setup:
Home "server" - PVE 6.2-4 - only has 1 Ethernet interface.
1. Mikrotik router connected to fiber-ONT bridged port - gets an external IP via DHCP and does nat / masq on 192.168.100.0/24 for the internal network.
2. Mikrotik also has a tagged "Vlan 2" reachable from all ports - that does bridge to the outside, so anyone tagged in Vlan 2 is able to get external IP address from the ISP (bypassing Mikrotik).
3. The PVE host and 3 of the VMs get IPs from the Mikrotik router - 192.168.100.0/24 - all OK here.
4. I have 2 VMs that need external IPs, so I place their network interfaces in Vlan 2 and they are able to receive an external IP, and communicate normally.
The firewall on the VMs with interfaces in Vlan 2 doesn't work at all. I've tried everything I could think of, none of the rules do anything.
I've tried adding interface net0 to the rules, however, that did nothing.
Does anyone have any idea why in this setup type the firewall doesn't work at all, and, how to make it work?
Let me know if you need more information.
Regards,
D
Here's my setup:
Home "server" - PVE 6.2-4 - only has 1 Ethernet interface.
1. Mikrotik router connected to fiber-ONT bridged port - gets an external IP via DHCP and does nat / masq on 192.168.100.0/24 for the internal network.
2. Mikrotik also has a tagged "Vlan 2" reachable from all ports - that does bridge to the outside, so anyone tagged in Vlan 2 is able to get external IP address from the ISP (bypassing Mikrotik).
3. The PVE host and 3 of the VMs get IPs from the Mikrotik router - 192.168.100.0/24 - all OK here.
4. I have 2 VMs that need external IPs, so I place their network interfaces in Vlan 2 and they are able to receive an external IP, and communicate normally.
The firewall on the VMs with interfaces in Vlan 2 doesn't work at all. I've tried everything I could think of, none of the rules do anything.
I've tried adding interface net0 to the rules, however, that did nothing.
Does anyone have any idea why in this setup type the firewall doesn't work at all, and, how to make it work?
Let me know if you need more information.
Regards,
D