Wireguard with Proxmox KVM Machine and Proxmox Firewall

[redjohn]

Hello,

I have installed Wireguard in Proxmox KVM virtual Ubuntu Machine, because many changes must be do for running it into a lxc container. My Wireguard works fine clients can connect and everything worked. So my Wireguard VM have a network adapter with a public ip address. So I enabled the Proxmox Firewall for this Network Card. Settings were like this:

Firewall: YES
Input Policy: DROP
Output Policy: DROP

I have only open the required ports on this KVM Machine. But after I enabled the Proxmox VM for this network adapter the clients in the WireGuard VPN can't ping each other anymore! But why?

I checked the server, two interfaces ens18 and wg0. First one with public ip, second one for Wireguard server. I also checked iptables -L -t nat on the machine

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        
MASQUERADE  all  --  anywhere             anywhere          
MASQUERADE  all  --  anywhere             anywhere

Any idea why proxmox firewall is blocking this? What can I do that this is working with Promox Firewall? I have also set the clients listen port the static port e.g. 51280 and open this on proxmox firewall but nothing changed.

Hope anyone can help me!

Regards

 

[Stefan_R]

Could you post your firewall configuration? (/etc/pve/firewall/*.fw files, pve-firewall compile on the PVE host)