VM isolation, firewall(s) not working?

rclarke87
Aug 2, 2024
Hello everyone,

I've been thoroughly enjoying my Proxmox journey, but I've hit a bit of a stumbling block. My limited background in networking is making troubleshooting a bit challenging. There seem to be many ways to approach the issue, but so far, I haven’t found one that fits my use case.

A bit of background: my network sits behind a pfSense router, and I have a Proxmox node running on a Dell R730 in my closet. The server is connected to my router via a 1 Gbps LAN connection (adding more runs isn't going to be practical) but because I also need to communicate with my iDRAC Ethernet port, I’ve placed an old unmanaged switch between the server and the router. On the Proxmox node, I have several VMs serving as file servers, media servers, a torrent box, and more. I’ve set up firewall rules so that my other network devices, such as streaming devices, can only reach the relevant services and ports, which has been working well. However, I've noticed that all the VMs can communicate with each other despite the rules on my router. I’m unsure whether this is due to the unmanaged switch or the VMs communicating over the Linux bridge.

Now, I’m looking to set up a game server and am prepared to open specific ports to the internet. However, before doing that, I need to ensure this server is isolated from the rest of my VMs. In case it’s compromised, I don’t want it to affect my file server, music collection, family photos, etc. (Don’t worry, I have backups in case the worst happens). I’ve followed various guides and YouTube videos on securing the game server to minimise risks, but the last piece of the puzzle is preventing the game server from reaching other devices on my network.

Using pfSense, I’ve blocked all traffic between the game server and other devices, except for my other VMs. I’ve learned that the VMs don’t communicate through the router but internally, likely over the Linux bridge.

No matter what I do—whether it’s setting firewall rules in pfSense (router) or in Proxmox at the node or VM level, or on the VM's Linux server—I can’t seem to prevent the game server from reaching my other VMs on the same Proxmox node with any typical ruleset. I've tested this by pinging from a terminal, and the server is reaching all my other VMs. What gives?

Any advice on how I can properly segregate the game server and protect my other VMs would be greatly appreciated!
This seems to have been flagged for moderation, so I cannot delete it, but I have now solved the issue. Feeling a bit silly: I didn't realise that the firewall had to be enabled at three levels to make my ruleset work.
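The follow-up above says the firewall had to be enabled at several levels before the rules took effect. That is how pve-firewall is layered: rules written for a VM are only applied when the datacenter-level firewall is on (`[OPTIONS] enable: 1` in /etc/pve/firewall/cluster.fw), the VM's own firewall is on (`enable: 1` in /etc/pve/firewall/<vmid>.fw) and the VM's network device carries `firewall=1` in its `netN:` line. Traffic between two VMs on the same Linux bridge never reaches pfSense, so router rules cannot filter it; only the bridge-level firewall on the node can. The script below is an added example, not code from the post or from Proxmox, that audits those switches for one VM and reports which level is still off. It works on constructed sample files written into a temporary directory, uses the file layout documented by Proxmox, and treats a missing `enable` in host.fw as on (an assumption; the node-level switch is the one the OP is least likely to have left off).

```shell
#!/bin/sh
# Audit whether the Proxmox VE firewall is actually active for one VM.
# Added example; not from the forum post or from Proxmox's own tooling.
# Files consulted on a real node (paths per Proxmox documentation):
#   /etc/pve/firewall/cluster.fw       [OPTIONS] enable: 1   (datacenter)
#   /etc/pve/nodes/<node>/host.fw      [OPTIONS] enable: 1   (node; assumed on if absent)
#   /etc/pve/firewall/<vmid>.fw        [OPTIONS] enable: 1   (VM)
#   /etc/pve/qemu-server/<vmid>.conf   netN: ...,firewall=1  (the NIC itself)

# fw_option FILE KEY -> print KEY's value from the [OPTIONS] section; fail if absent
fw_option() {
    [ -f "$1" ] || return 1
    awk -v key="$2" '
        /^\[/ { insec = ($0 == "[OPTIONS]"); next }
        insec && $1 == key":" { print $2; found = 1; exit }
        END { exit !found }
    ' "$1"
}

# nic_firewalled VMCONF -> succeed only if every netN line carries firewall=1
nic_firewalled() {
    [ -f "$1" ] || return 1
    awk '
        /^net[0-9]+:/ { nics++; if ($0 ~ /,firewall=1(,|$)/) ok++ }
        END { exit !(nics > 0 && nics == ok) }
    ' "$1"
}

# vm_firewall_status CLUSTER_FW HOST_FW VM_FW VM_CONF
# Prints "active" (status 0) or "disabled at: <levels>" (status 1).
vm_firewall_status() {
    missing=""
    [ "$(fw_option "$1" enable 2>/dev/null)" = "1" ] || missing="$missing datacenter"
    hv=$(fw_option "$2" enable 2>/dev/null || true)
    : "${hv:=1}"   # assumption: node firewall counts as on when not set
    [ "$hv" = "1" ] || missing="$missing node"
    [ "$(fw_option "$3" enable 2>/dev/null)" = "1" ] || missing="$missing vm"
    nic_firewalled "$4" || missing="$missing nic"
    if [ -z "$missing" ]; then echo "active"; return 0; fi
    echo "disabled at:$missing"
    return 1
}

# make_demo_configs DIR -> write constructed sample configs for two VMs
make_demo_configs() {
    printf '[OPTIONS]\nenable: 1\npolicy_in: DROP\n' > "$1/cluster.fw"
    printf '[OPTIONS]\nenable: 1\n' > "$1/host.fw"
    # VM 100: switched on at every level; only the game port is allowed in,
    # and the VM may not reach the (constructed) LAN range at all
    cat > "$1/100.fw" <<'EOF'
[OPTIONS]
enable: 1
policy_in: DROP
[RULES]
IN ACCEPT -p tcp -dport 27015
OUT DROP -dest 192.168.1.0/24
EOF
    printf 'net0: virtio=BC:24:11:AA:BB:01,bridge=vmbr0,firewall=1\n' > "$1/100.conf"
    # VM 101: same kind of rules, but the VM-level switch and the NIC flag are
    # both off, so none of them is ever applied
    cat > "$1/101.fw" <<'EOF'
[OPTIONS]
enable: 0
[RULES]
OUT DROP -dest 192.168.1.0/24
EOF
    printf 'net0: virtio=BC:24:11:AA:BB:02,bridge=vmbr0\n' > "$1/101.conf"
}

# Stand-alone demo on the constructed files (not real files from a node).
demo_dir=$(mktemp -d)
make_demo_configs "$demo_dir"
for vmid in 100 101; do
    printf 'VM %s: ' "$vmid"
    vm_firewall_status "$demo_dir/cluster.fw" "$demo_dir/host.fw" \
        "$demo_dir/$vmid.fw" "$demo_dir/$vmid.conf" || true
done
rm -rf "$demo_dir"
```

On a real node the same check is `vm_firewall_status /etc/pve/firewall/cluster.fw /etc/pve/nodes/$(hostname)/host.fw /etc/pve/firewall/<vmid>.fw /etc/pve/qemu-server/<vmid>.conf`. "disabled at: vm nic" is exactly the state described in the post: rules written, nothing enforced. Note that this only confirms the switches are on; whether the rule set itself stops VM-to-VM traffic still has to be verified from inside the game server with ping or nc against another VM's address.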