[PVE-User] Internet facing Proxmox
Guy Plunkett
guy at britewhite.net
Mon Sep 15 09:43:37 CEST 2014
I would strongly suggest against this or indeed any way to put proxmox directly on the internet.
The way I go about this would be to create a private network inside proxmox and host a real firewall system such as pfsense (pfsense.org) to front the internet and then use PPTP or OpenVPN to connect into the network. Much safer.
Cheers,
--Guy
On 15 Sep 2014, at 08:31, Eneko Lacunza <elacunza at binovo.es> wrote:
> You can also setup iptables so that only your fixed IPs are allowed to port 8006 (and ssh port...)
>
> On 14/09/14 19:00, admin at extremeshok.com wrote:
>> You don't need a VPN
>>
>> Follow the guides on my site this will give you a secure and optimized proxmox.
>>
>> Set proxmox admin interface to only listen locally (127.0.0.1) and connect via an ssh tunnel to port 8006.
>>
>> No offense, but this should be standard knowledge for an admin.
>>
>>
>> Guides on https://extremeshok.com/blog
>>
>> Sent from my iPhone
>>
>>> On 14 Sep 2014, at 6:44 PM, Bart Lageweg | Bizway <bart at bizway.nl> wrote:
>>>
>>> Hi Gerald,
>>>
>>> Use Eth0 for internal network + VPN access.
>>> Use Eth1 for internet access (no IP in interface, only create for bridge)
>>>
>>> Goodluck
>>>
>>> Bart
>>>
>>>
>>> -----Oorspronkelijk bericht-----
>>> Van: pve-user [mailto:pve-user-bounces at pve.proxmox.com] Namens Gerald Brandt
>>> Verzonden: zondag 14 september 2014 18:41
>>> Aan: pve-user at pve.proxmox.com
>>> Onderwerp: [PVE-User] Internet facing Proxmox
>>>
>>> Hi,
>>>
>>> I've been asked to set up a Proxmox server on the Internet. Has anybody done so, and how secure is the web interface on port 8006?
>>>
>>> I was considering running a VPN on Proxmox, and not allowing port 8006 access unless you were connected to the VPN. That creates issues if the VPN server goes down.
>>>
>>> Also, with the new built in firewall, how easy is it to run all VPN's on a private address space and port forward as needed?
>>>
>>> Gerald
>>>
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>
>
>
> --
> Zuzendari Teknikoa / Director Técnico
> Binovo IT Human Project, S.L.
> Telf. 943575997
> 943493611
> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
> www.binovo.es
>
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
More information about the pve-user
mailing list