[PVE-User] Proxmox in DMZ

Holger Ernst he at ernstdatenmedien.de
Mon Nov 21 11:12:20 CET 2011

Why would you want to put the host (interface) into a DMZ?
>From my point of view the managing network should never be exposed. And there is no need to do so (at least I can not imagine one).

Regards, Holger

-----Ursprüngliche Nachricht-----
Von: pve-user-bounces at pve.proxmox.com [mailto:pve-user-bounces at pve.proxmox.com] Im Auftrag von lst_hoe02 at kwsoft.de
Gesendet: Freitag, 18. November 2011 13:32
An: pve-user at pve.proxmox.com
Betreff: [PVE-User] Proxmox in DMZ


we are testing Proxmox and would like to get some Input about securing  
the HW Node. We like to limit ssh, the webinterface and deny the rest  
with ip(6)tables which should be trouble free. What i'm unsure is

- Would this break anything from Proxmox point of view?

- What ports/connections/directions would be needed for clustering  
with a server outside the DMZ?

- Is it possible to install our own SSL/TLS certificate instead the  
self created?

There will be no NFS used on this node so maybe it would be save to  
turn off portmapper/statd?

Many Thanks


More information about the pve-user mailing list