[PVE-User] Internet facing Proxmox

Guy Plunkett guy at britewhite.net
Mon Sep 15 09:43:37 CEST 2014 

I would strongly suggest against this or indeed any way to put proxmox directly on the internet.

The way I go about this would be to create a private network inside proxmox and host a real firewall system such as pfsense (pfsense.org) to front the internet and then use PPTP or OpenVPN to connect into the network.  Much safer.


Cheers,

--Guy




On 15 Sep 2014, at 08:31, Eneko Lacunza <elacunza at binovo.es> wrote:

> You can also setup iptables so that only your fixed IPs are allowed to port 8006 (and ssh port...)
> 
> On 14/09/14 19:00, admin at extremeshok.com wrote:
>> You don't need a VPN
>> 
>> Follow the guides on my site this will give you a secure and optimized proxmox.
>> 
>> Set proxmox admin interface to only listen locally (127.0.0.1) and connect via an ssh tunnel to port 8006.
>> 
>> No offense, but this should be standard knowledge for an admin.
>> 
>> 
>> Guides on https://extremeshok.com/blog
>> 
>> Sent from my iPhone
>> 
>>> On 14 Sep 2014, at 6:44 PM, Bart Lageweg | Bizway <bart at bizway.nl> wrote:
>>> 
>>> Hi Gerald,
>>> 
>>> Use Eth0 for internal network + VPN access.
>>> Use Eth1 for internet access (no IP in interface, only create for bridge)
>>> 
>>> Goodluck
>>> 
>>> Bart
>>> 
>>> 
>>> -----Oorspronkelijk bericht-----
>>> Van: pve-user [mailto:pve-user-bounces at pve.proxmox.com] Namens Gerald Brandt
>>> Verzonden: zondag 14 september 2014 18:41
>>> Aan: pve-user at pve.proxmox.com
>>> Onderwerp: [PVE-User] Internet facing Proxmox
>>> 
>>> Hi,
>>> 
>>> I've been asked to set up a Proxmox server on the Internet.  Has anybody done so, and how secure is the web interface on port 8006?
>>> 
>>> I was considering running a VPN on Proxmox, and not allowing port 8006 access unless you were connected to the VPN.  That creates issues if the VPN server goes down.
>>> 
>>> Also, with the new built in firewall, how easy is it to run all VPN's on a private address space and port forward as needed?
>>> 
>>> Gerald
>>> 
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>> 
> 
> 
> -- 
> Zuzendari Teknikoa / Director Técnico
> Binovo IT Human Project, S.L.
> Telf. 943575997
>      943493611
> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
> www.binovo.es
> 
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user

More information about the pve-user mailing list