My current configuration:
Proxmox server facing the Internet running several Linux guests.
Proxmox = Debian
Guests = Ubuntu
Proxmox has a single public IP; guests are using NAT rules.
Tailscale client installed on Proxmox host and Linux guests.
If I try to apply the settings explained in the "Use UFW to lock down an Ubuntu server" document to the guest, it works correctly, but doing the same on the host blocks access to all the guests.
I tried adding some rules like:
allowing vmbr1 inbound rule
allowing specific protocol
but didn’t find a working solution.
The only working solution is to secure the guest without host rules, which is not recommended.
Thank you for your rapid comment.
Here is the status of my host firewall:
     To                            Action      From
     --                            ------      ----
[ 1] 80/tcp                        ALLOW IN    Anywhere
[ 2] 32400/tcp                     ALLOW IN    Anywhere
[ 3] Anywhere on tailscale0        ALLOW IN    Anywhere
[ 4] 41641/udp                     ALLOW IN    Anywhere
[ 5] 443/tcp                       ALLOW IN    Anywhere
[ 6] Anywhere on vmbr1             ALLOW IN    Anywhere
[ 7] 22/tcp (v6)                   ALLOW IN    Anywhere (v6)
[ 8] 80/tcp (v6)                   ALLOW IN    Anywhere (v6)
[ 9] 32400/tcp (v6)                ALLOW IN    Anywhere (v6)
[10] Anywhere (v6) on tailscale0   ALLOW IN    Anywhere (v6)
[11] 41641/udp (v6)                ALLOW IN    Anywhere (v6)
[12] 443/tcp (v6)                  ALLOW IN    Anywhere (v6)
[13] Anywhere (v6) on vmbr1        ALLOW IN    Anywhere (v6)
This is the firewall status of my Linux Guest:
To                        Action      From
--                        ------      ----
Anywhere on tailscale0    ALLOW IN    Anywhere
41641/udp                 ALLOW IN    Anywhere
443/tcp                   ALLOW IN    Anywhere
80/tcp                    ALLOW IN    Anywhere
32400/tcp                 ALLOW IN    Anywhere