I wanted to firewall a specific vm. I set a rule that should allow ssh in at the vm and then enabled the firewall for the vm and for the data center. My rule didn't work and I disabled the firewall at data center level. But my vms and lxcs are still not reachable.
I can:
- ssh into proxmox node
- open proxmox web interface
- open vm's novnc console in web interface
- see the vms in my router's list of connected devices
- ping my vms
- ssh into my vms
- open their web apps on their ports
- ping any website from the vm (via novnc)
Some checks:
I disabled firewall on datacenter, node and vm levels
Code:
pve-firewall status
Status: disabled/stopped
ufw status on a vm allows ssh
Rebooting the node did not help.
I then re-enabled firewall on data center level and set Input Policy to ACCEPT, but I still can't reach my vms. During my tinkering, they are sometimes running into a timeout and sometimes instantly failing, I guess that's the difference between DROP and REJECT, but should they not be reachable if the firewall is disabled on every level?