[PVE-User] Advices - Proxmox behind L3 or L2 network
alk at ondore.com
Mon Nov 11 17:40:34 CET 2013
El 10/11/13 08:12, Leslie-Alexandre DENIS escribió:
> Thanks Alexandre with your informations, very useful. I intend to do
> something like that but unfortunately I didn't find any good
> router/firewall appliance in my budget to do that on the administration
In my case, the administration network is behind a software router,
actually it is a Xen paravirtualized host (not on any Proxmox machine)
running Debian Linux and a iptables script.
The "public" network is managed by somebody else, and I'm not too aware
of what they use exactly.
> Do you know if it's possible to force Proxmox Web built-in to listen on
> localhost only ? Thus I could build an Apache2 with mod_security as a
> reverse proxy for WAN access.
Can't say how to tweak the Web GUI listening port, it must the in the
documentation somewhere, but the setup you describe does not need that.
Consider a Proxmox system listening on it's own regular port 8006, and a
Apache reverse proxy listening on port 80. Your reverse proxy may use
localhost:8006 as backend server.
Personally, I do not consider a good idea to expose Proxmox directly to
Internet, so I would place the reverse proxy on a multi-homed host,
connected to Proxmox internal network and Internet. In order to use the
build-in access to VNC console, some additional requirements shall be met.
More information about the pve-user