I've upgraded a 5.2 system to the latest 6.3 and am experiencing something I've never seen before. It might or might not be PVE related, I have no idea. The gist of it is that I have a custom iptables firewall that loads without problems and does work. I had to allow a new IP for admin access, something like:
Code:
iptables -A INPUT -s 1.2.3.4/32 -d 2.3.4.5/32 -i vmbr0 -p tcp -m state --state NEW -m multiport --dports 2222,8006 -j ACCEPT
1.2.3.4 is the remote IP, 2.3.4.5 is the local public IP for direct access of the host. It also shows in `iptables -L`. But it doesn't work. Something like the following doesn't work, either:
Code:
iptables -I INPUT -j ACCEPT
or
iptables -P INPUT ACCEPT
So an allow-all on the INPUT chain, without any other parameters, is ineffective. I can't add effective rules. I was thinking that maybe some cgroup namespace interferes, I don't know. Never seen such a thing. PVE firewall is disabled. No other rules than my own. No ebtables rules and no HW firewall. tcpdump shows that the packets are coming in, but there's no reply. Existing rules that get loaded on boot are working fine.
Any help or hints are greatly appreciated.
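A diagnostic helper for the symptom described in the post (a rule that shows in `iptables -L` but never takes effect), added here as an example and not part of the original post or of Proxmox: it reports which iptables backend is in PATH, shows rules held by the other backend or by nftables, lists catch-all DROP/REJECT rules in every table, and prints the INPUT counters to watch while the connection is retried. It assumes a Debian-based host; the backend split is an assumption to check rather than a confirmed cause, and the sample rules fed to the pure helper functions are constructed, not captured from any system.

```shell
#!/bin/sh
# Added diagnostic helpers for "rule is listed but never matches" on a Debian-based
# host such as a PVE node. Assumptions not taken from the post: the host may have
# both iptables backends (legacy and nf_tables) installed, and rules loaded through
# one backend do not appear in the other's `iptables -S`. Sample rule text used by
# the self-check is constructed, not captured from a real system.

# backend_of "<output of iptables -V>"  -> prints legacy | nf_tables | unknown
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# rule_index CHAIN FRAGMENT  (reads `iptables -S CHAIN` output on stdin)
# Prints the 1-based position of the first rule containing FRAGMENT, i.e. the
# number `iptables -L CHAIN --line-numbers` shows; prints nothing if absent.
rule_index() {
    awk -v chain="$1" -v frag="$2" '
        $1 == "-A" && $2 == chain { n++; if (index($0, frag)) { print n; exit } }'
}

# catchall_terminal  (reads `iptables -S` output on stdin)
# Prints DROP/REJECT rules with no match beyond an optional input interface;
# such a rule placed above an appended (-A) ACCEPT consumes the traffic first.
catchall_terminal() {
    grep -E -- '^-A [^ ]+( -i [^ ]+)? -j (DROP|REJECT)( |$)' || true
}

# live_report: runs the real commands on the host (needs root); only with --live.
live_report() {
    echo "iptables backend in PATH: $(backend_of "$(iptables -V 2>&1)")"
    update-alternatives --display iptables 2>/dev/null | head -n 1
    for b in iptables-legacy iptables-nft; do          # rules held by the other backend?
        command -v "$b" >/dev/null 2>&1 && { echo "== $b -S"; "$b" -S; }
    done
    command -v nft >/dev/null 2>&1 && { echo "== nft list ruleset"; nft list ruleset; }
    for t in raw mangle filter; do                     # drops outside the filter table?
        echo "== catch-all terminal rules, table $t"; iptables -t "$t" -S | catchall_terminal
    done
    echo "== INPUT counters: retry the connection and see which rule's packets grow"
    iptables -L INPUT -v -n -x --line-numbers
}

if [ "${1:-}" = "--live" ]; then live_report; fi
```

Run it as `sh diag.sh --live` on the host; if the rules you added appear only under one backend's listing while the other backend or `nft list ruleset` holds the rules that actually load at boot, the two rule sets are being evaluated independently.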