[PVE-User] Internet facing Proxmox

admin at extremeshok.com admin at extremeshok.com
Mon Sep 15 10:53:52 CEST 2014


Monit would be easier and better at managing the various services and keeping them working.

At the end of the day, an ssh tunnel is a safe and reliable way.

Use fail2ban with our Proxmox configs and our denyhosts to lock down admin and ssh logins.


https://extremeshok.com

> On 15 Sep 2014, at 10:00 AM, Guy Plunkett <guy at britewhite.net> wrote:
> 
> Well yeah, that's always a problem. :) I also use Zenoss Core (zenoss.org) to monitor my systems.  You can easily configure Zenoss to monitor the firewall etc., and if it's down, you can have it connect to Proxmox and restart it.
> 
> 
> Cheers,
> 
> --Guy
> 
> 
> 
> 
>> On 15 Sep 2014, at 08:51, Eneko Lacunza <elacunza at binovo.es> wrote:
>> 
>> Guy, so how do you connect if the Firewall VM is down? :)
>> 
>>> On 15/09/14 09:43, Guy Plunkett wrote:
>>> I would strongly suggest against this or indeed any way to put proxmox directly on the internet.
>>> 
>>> The way I go about this would be to create a private network inside proxmox and host a real firewall system such as pfsense (pfsense.org) to front the internet and then use PPTP or OpenVPN to connect into the network.  Much safer.
>>> 
>>> 
>>> Cheers,
>>> 
>>> --Guy
>>> 
>>> 
>>> 
>>> 
>>>> On 15 Sep 2014, at 08:31, Eneko Lacunza <elacunza at binovo.es> wrote:
>>>> 
>>>> You can also set up iptables so that only your fixed IPs are allowed to port 8006 (and ssh port...)
>>>> 
>>>>> On 14/09/14 19:00, admin at extremeshok.com wrote:
>>>>> You don't need a VPN
>>>>> 
>>>>> Follow the guides on my site; this will give you a secure and optimized Proxmox.
>>>>> 
>>>>> Set proxmox admin interface to only listen locally (127.0.0.1) and connect via an ssh tunnel to port 8006.
>>>>> 
>>>>> No offense, but this should be standard knowledge for an admin.
>>>>> 
>>>>> 
>>>>> Guides on https://extremeshok.com/blog
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>>> On 14 Sep 2014, at 6:44 PM, Bart Lageweg | Bizway <bart at bizway.nl> wrote:
>>>>>> 
>>>>>> Hi Gerald,
>>>>>> 
>>>>>> Use Eth0 for internal network + VPN access.
>>>>>> Use Eth1 for internet access (no IP in interface, only create for bridge)
>>>>>> 
>>>>>> Good luck
>>>>>> 
>>>>>> Bart
>>>>>> 
>>>>>> 
>>>>>> -----Original message-----
>>>>>> From: pve-user [mailto:pve-user-bounces at pve.proxmox.com] On behalf of Gerald Brandt
>>>>>> Sent: Sunday 14 September 2014 18:41
>>>>>> To: pve-user at pve.proxmox.com
>>>>>> Subject: [PVE-User] Internet facing Proxmox
>>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> I've been asked to set up a Proxmox server on the Internet.  Has anybody done so, and how secure is the web interface on port 8006?
>>>>>> 
>>>>>> I was considering running a VPN on Proxmox, and not allowing port 8006 access unless you were connected to the VPN.  That creates issues if the VPN server goes down.
>>>>>> 
>>>>>> Also, with the new built-in firewall, how easy is it to run all VPNs on a private address space and port forward as needed?
>>>>>> 
>>>>>> Gerald
>>>>>> 
>>>>>> _______________________________________________
>>>>>> pve-user mailing list
>>>>>> pve-user at pve.proxmox.com
>>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
>>>> 
>>>> -- 
>>>> Zuzendari Teknikoa / Director Técnico
>>>> Binovo IT Human Project, S.L.
>>>> Telf. 943575997
>>>>     943493611
>>>> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
>>>> www.binovo.es
>>>> 
>> 
>> 
>> -- 
>> Zuzendari Teknikoa / Director Técnico
>> Binovo IT Human Project, S.L.
>> Telf. 943575997
>>     943493611
>> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa)
>> www.binovo.es
> 
> _______________________________________________
> pve-user mailing list
> pve-user at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
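
The iptables allowlist suggested in the thread (only fixed IPs may reach port 8006 and the ssh port), as an added example that is not part of any poster's message. The addresses are constructed documentation-range values and `pve.example.net` is a placeholder host; the script validates each entry and only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example, not from the thread: print (do not apply) iptables rules that
# admit only fixed admin IPs to the Proxmox web UI (8006) and ssh (22).

# Constructed sample allowlist (RFC 5737 documentation ranges).
ADMIN_IPS="203.0.113.10 198.51.100.0/24"
PORTS="8006,22"

# valid_ipv4 ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or CIDR.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] 2>/dev/null || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty octets, more than 3 digits, and leading zeros.
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules: print the rules in evaluation order. Every allowlist entry is
# validated first, so a typo never yields a partial rule set.
emit_rules() {
    for src in $ADMIN_IPS; do
        valid_ipv4 "$src" || { echo "bad allowlist entry: $src" >&2; return 1; }
    done
    # Keep established sessions so applying the rules does not cut you off.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for src in $ADMIN_IPS; do
        echo "iptables -A INPUT -p tcp -s $src -m multiport --dports $PORTS -j ACCEPT"
    done
    # Everyone else is dropped on the admin ports.
    echo "iptables -A INPUT -p tcp -m multiport --dports $PORTS -j DROP"
}

# The ssh tunnel described in the thread would then be opened with
# (placeholder host): ssh -L 8006:127.0.0.1:8006 root@pve.example.net
emit_rules
```

These rules cover IPv4 only; a host that also has IPv6 connectivity needs matching `ip6tables` rules. Because `-A` appends, any broader ACCEPT rule already earlier in the INPUT chain still takes precedence.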


