0

Good day Team,

Trust you are doing well,

I have loaded a new Proxmox 5.2 on bare metal. It's quite different from the earlier version. However, I am having difficulty configuring SSH sessions for the VMs running inside Proxmox.

The firewall is really tricky and I am not able to get my head around it. I really require some assistance.

Proxmox 5.2-1

"Datacenter Firewall Options Enable" "Datacenter Firewall Option Input Policy ACCEPT" "Datacenter Firewall Option Output policy ACCEPT"

Furthermore, "Datacenter Firewall IPSET Admin": IP subnets are listed here to allow access to the Proxmox server via specific IPs.

Datacenter Firewall Add Rule Accept "Source Admin" vmbr0. I have kept Destination empty, no macro, no protocol, no source port, no destination port.

I believe that should allow full access inside the server itself via the Listed IPs inside IPset, but that's not the case.

May I ask if someone is available here who knows how to work with this firewall?

Thanks.

  • 1
    Is there a specific question you have? This isn't a place to network to find help and do things outside of the website. Instead, this place is for posting specific technical questions after you've done your own trial-and-error and research. – Kalnode Sep 05 '18 at 16:32
  • I think the question was with big open ended answer. You are right. However, the question was posted after testing and trying. – techjaymindave Sep 12 '18 at 19:38
  • I did find the solution: The file /etc/pve/firewall/cluster.fw is the one that's controlling the online GUI. Enabling and disabling the firewall from the backend works via "pve-firewall enable" and "pve-firewall disable". There's no way to allow all the traffic. Hence, I had to define a proper set of rules that I had to apply based on the Debian firewall. – techjaymindave Sep 12 '18 at 19:39
  • My Specific Question is as below: How would you apply all traffic coming in and going out on this firewall? – techjaymindave Sep 12 '18 at 19:42

2 Answers

0

I did find the solution: The file /etc/pve/firewall/cluster.fw is the one that's controlling the online GUI.

Enabling and disabling the firewall from the backend works via "pve-firewall enable" and "pve-firewall disable".

There's no way to allow all the traffic. Hence, I had to define a proper set of rules that I had to apply based on the Debian firewall.

My specific question is as below: How would you apply all traffic coming in and going out on this firewall? How would you debug, in real time, which rule is blocking traffic coming in to or leaving the server?

0

FW is disabled by default.

Datacenter -> Firewall -> Options -> Firewall Yes/No
Nodename -> Firewall -> Options -> Firewall Yes/No
each VM -> Hardware -> Network device -> Firewall checked/unchecked

That's not difficult at all. Better to do it in the GUI. You can make way more mistakes by editing the firewall in the shell. If all FW settings are disabled in PMOX, you should check the iptables rules in the OS or just use tcpdump or tshark to investigate.

David
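Added example (not part of either answer, and not Proxmox code): a small Python check over a constructed cluster.fw, the file the first answer identifies, that reports whether the datacenter firewall is enabled and flags rules that are disabled or that reference an IP set the file does not define. The sample content, the `+ops` set name and the function names are assumptions for illustration; the parser only understands `[OPTIONS]`, `[IPSET name]` and `[RULES]` sections with `+name` IP set references.

```python
import re

# Constructed sample modelled on the setup in the question; not a real config.
SAMPLE = """\
[OPTIONS]
enable: 1
policy_in: ACCEPT
policy_out: ACCEPT
[IPSET admin] # constructed admin addresses
192.0.2.0/24
198.51.100.7
[RULES]
IN ACCEPT -source +admin -i vmbr0
IN SSH(ACCEPT) -source +ops -i vmbr0
|IN ACCEPT -source +admin
"""

def parse_cluster_fw(text):
    """Split the file into options, IP sets and rules."""
    cfg = {"options": {}, "ipsets": {}, "rules": []}
    section, name = None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        m = re.match(r"\[(\w+)(?:\s+([\w-]+))?\]$", line)
        if m:                                    # section header
            section, name = m.group(1).upper(), m.group(2) or ""
            if section == "IPSET":
                cfg["ipsets"][name] = []
        elif section == "OPTIONS":
            key, _, value = line.partition(":")
            cfg["options"][key.strip()] = value.strip()
        elif section == "IPSET":
            cfg["ipsets"][name].append(line)
        elif section == "RULES":                 # a leading "|" marks a disabled rule
            cfg["rules"].append((not line.startswith("|"), line.lstrip("|")))
    return cfg

def audit(cfg):
    """Report a disabled firewall, disabled rules and undefined IP set references."""
    enabled_fw = cfg["options"].get("enable") == "1"
    findings = [] if enabled_fw else ["datacenter firewall is disabled"]
    for enabled, rule in cfg["rules"]:
        for ref in re.findall(r"-(?:source|dest) \+([\w-]+)", rule):
            if ref not in cfg["ipsets"]:
                findings.append(f"undefined IP set +{ref}: {rule}")
        if not enabled:
            findings.append(f"rule is disabled: {rule}")
    return findings
```

On a node, the text of /etc/pve/firewall/cluster.fw would be passed to `parse_cluster_fw` in place of `SAMPLE`.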