Which network ports are required

[Jens_Le]

What port forwarding is required when Proxmox Back Server is behind a firewall?

 

[tom]

8007

 

[foosec]

8007

Hello,

Is this the only port required for remote sync to function?

 

[tom]

Hello,

Is this the only port required for remote sync to function?

Yes.

 

[floh79]

Do we only need TCP? Or UDP? Or both?

Best regards
Floh

 

[tom]

TCP only.

 

[floh79]

Thanx!

 

[Tmanok]

Wow, this is really impressive Tom. Is there guidance for remote installations? Should there be a VPN connection or do you think that allow-listing the source would protect it enough while port forwarding?

 

[floh79]

It’s always better to keep the port closed if possible. So better use VPN.

I don’t use VPN in that case but I opened the port only for specific source IP addresses (so only addresses of my Nodes). All other Source IPs are blocked by Firewall.
Maybe it will give you some idea.

Best regards
Floh

 

[Tmanok]

I don’t use VPN in that case but I opened the port only for specific source IP addresses (so only addresses of my Nodes). All other Source IPs are blocked by Firewall.

Ok so rather than letting the router perform the allow-list, you told the PVE firewall to perform this? I think I will simply let my router's firewall perform this.

Thanks Floh,
Tmanok

 

[floh79]

No, I have a dedicated machine as firewall (OPNsense) and Proxmox Backup Server is running as VM on my QNAP.

 

[Tmanok]

No, I have a dedicated machine as firewall (OPNsense) and Proxmox Backup Server is running as VM on my QNAP.

Oh nice, I just setup two OPNSense routers, so much higher performance, even on weak old xeons! Why spend thousands on something with 1-4GB of RAM and a few ARM CPU cores when you can build a better version for a couple hundred?