[PVE-User] Advices - Proxmox behind L3 or L2 network

[Alexandre Kouznetsov]

Hello.

El 10/11/13 08:12, Leslie-Alexandre DENIS escribió:
> Thanks Alexandre with your informations, very useful. I intend to do
> something like that but unfortunately I didn't find any good
> router/firewall appliance in my budget to do that on the administration
> side.
In my case, the administration network is behind a software router, 
actually it is a Xen paravirtualized host (not on any Proxmox machine) 
running Debian Linux and a iptables script.
The "public" network is managed by somebody else, and I'm not too aware 
of what they use exactly.

> Do you know if it's possible to force Proxmox Web built-in to listen on
> localhost only ? Thus I could build an Apache2 with mod_security as a
> reverse proxy for WAN access.
Can't say how to tweak the Web GUI listening port, it must the in the 
documentation somewhere, but the setup you describe does not need that.
Consider a Proxmox system listening on it's own regular port 8006, and a 
Apache reverse proxy listening on port 80. Your reverse proxy may use 
localhost:8006 as backend server.

Personally, I do not consider a good idea to expose Proxmox directly to 
Internet, so I would place the reverse proxy on a multi-homed host, 
connected to Proxmox internal network and Internet. In order to use the 
build-in access to VNC console, some additional requirements shall be met.

-- 
Alexandre Kouznetsov