[PVE-User] About PVE-Firewall and WebGUI access

Hector Suarez Planas hector.suarez at codesa.co.cu
Mon Nov 16 20:47:32 CET 2015


Shedding light to understand me (sorry for the Spanish language of names 
and comments):

- Network ID: <>
- Hypervisors Proxmox VE: (v4.0) [vmbr0]
- Network Equipment Management:




enable: 1


IP_Equipo_Administrador_Red # Network administrator's workstation
IP_Hipervisor_PRX4-C0-1 # Hypervisor running Proxmox VE (PRX4-C0-1)

[IPSET equipos_gestion_servidores]


[IPSET hipervisores_proxmox_ve]


[group gestion_hipervisores]

IN ACCEPT -source IP_Equipo_Administrador_Red -dest +hipervisores_proxmox_ve -p tcp -dport 8006 -sport 1024:65535 # Management of the Proxmox VE hypervisors through the web graphical interface (WebGUI)
IN ACCEPT -source IP_Equipo_Administrador_Red -dest +hipervisores_proxmox_ve -p tcp -dport 40497 -sport 1024:65535 # Management of Proxmox VE through SSH (CLI)



nf_conntrack_tcp_timeout_established: 7875
nf_conntrack_max: 196608
log_level_in: debug
smurf_log_level: debug
log_level_out: debug
enable: 1
tcp_flags_log_level: debug
tcpflags: 1


GROUP gestion_hipervisores -i vmbr0
IN Ping(ACCEPT) -i vmbr0 -source IP_Equipo_Administrador_Red -dest +hipervisores_proxmox_ve # Only the network management machines can ping the Proxmox VE hypervisors


I did a test with the PC with IP address and I reached the 
WebGUI of Proxmox VE without problems. It is assumed that the firewall 
should not allow access because the origin of the connection not part 
from the IP address neither 172.16.1.7. :-(

The rule for SSH access is working successfully. :-)

Lic. Hector Suarez Planas
Administrador Nodo CODESA
Santiago de Cuba
Blog: http://nihilanthlnxc.cubava.cu/
ICQ ID: 681729738
Conferendo ID: hspcuba
