[PVE-User] Internet facing Proxmox
Eneko Lacunza
elacunza at binovo.es
Mon Sep 15 09:51:36 CEST 2014
Guy, so how do you connect if the Firewall VM is down? :)
On 15/09/14 09:43, Guy Plunkett wrote:
> I would strongly suggest against this or indeed any way to put proxmox directly on the internet.
>
> The way I go about this would be to create a private network inside proxmox and host a real firewall system such as pfsense (pfsense.org) to front the internet and then use PPTP or OpenVPN to connect into the network. Much safer.
>
>
> Cheers,
>
> --Guy
>
>
>
>
> On 15 Sep 2014, at 08:31, Eneko Lacunza <elacunza at binovo.es> wrote:
>
>> You can also setup iptables so that only your fixed IPs are allowed to port 8006 (and ssh port...)
>>
>> On 14/09/14 19:00, admin at extremeshok.com wrote:
>>> You don't need a VPN
>>>
>>> Follow the guides on my site this will give you a secure and optimized proxmox.
>>>
>>> Set proxmox admin interface to only listen locally (127.0.0.1) and connect via an ssh tunnel to port 8006.
>>>
>>> No offense, but this should be standard knowledge for an admin.
>>>
>>>
>>> Guides on https://extremeshok.com/blog
>>>
>>> Sent from my iPhone
>>>
>>>> On 14 Sep 2014, at 6:44 PM, Bart Lageweg | Bizway <bart at bizway.nl> wrote:
>>>>
>>>> Hi Gerald,
>>>>
>>>> Use Eth0 for internal network + VPN access.
>>>> Use Eth1 for internet access (no IP in interface, only create for bridge)
>>>>
>>>> Goodluck
>>>>
>>>> Bart
>>>>
>>>>
>>>> -----Oorspronkelijk bericht-----
>>>> Van: pve-user [mailto:pve-user-bounces at pve.proxmox.com] Namens Gerald Brandt
>>>> Verzonden: zondag 14 september 2014 18:41
>>>> Aan: pve-user at pve.proxmox.com
>>>> Onderwerp: [PVE-User] Internet facing Proxmox
>>>>
>>>> Hi,
>>>>
>>>> I've been asked to set up a Proxmox server on the Internet. Has anybody done so, and how secure is the web interface on port 8006?
>>>>
>>>> I was considering running a VPN on Proxmox, and not allowing port 8006 access unless you were connected to the VPN. That creates issues if the VPN server goes down.
>>>>
>>>> Also, with the new built in firewall, how easy is it to run all VPN's on a private address space and port forward as needed?
>>>>
>>>> Gerald
>>>>
>>>> _______________________________________________
>>>> pve-user mailing list
>>>> pve-user at pve.proxmox.com
>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>> _______________________________________________
>>>> pve-user mailing list
>>>> pve-user at pve.proxmox.com
>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>> _______________________________________________
>>> pve-user mailing list
>>> pve-user at pve.proxmox.com
>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>
>>
>> --
>> Zuzendari Teknikoa / Director Técnico
>> Binovo IT Human Project, S.L.
>> Telf. 943575997
>> 943493611
>> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
>> www.binovo.es
>>
>> _______________________________________________
>> pve-user mailing list
>> pve-user at pve.proxmox.com
>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>
>
--
Zuzendari Teknikoa / Director Técnico
Binovo IT Human Project, S.L.
Telf. 943575997
943493611
Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
www.binovo.es
More information about the pve-user
mailing list