Can't reach firewall vm

First off, your proxmox_networking.sh script is just what I was looking for. Thank you!

I am, however, having an issue. I can't reach the firewall VM from the outside and I can't ping out from the firewall VM. I can only ping the WAN_Network IP address that is assigned to Proxmox. My guess is I've got to define the route in OPNsense, but I have no idea how to define the route using the command line.

I've got OPNsense installed and have given the WAN interface an IP address in the WAN_Network range, 192.168.100.2/24, and Proxmox has an IP address of 192.168.100.1/24 on the vmbr1 bridge interface.

When I try to ping out from the firewall VM I get:

PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: No route to host

Proxmox /etc/network/interfaces

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp4s0 inet manual

iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet static
	address REDACTED
	gateway REDACTED
	bridge-ports enp4s0
	bridge-stp off
	bridge-fd 0
	hwaddress REDACTED
#Public_Bridge

auto vmbr1
iface vmbr1 inet static
	address 192.168.100.1/24
	bridge-ports none
	bridge-stp off
	bridge-fd 0
#WAN_Network

auto vmbr2
iface vmbr2 inet static
	address 10.160.10.176/24
	bridge-ports none
	bridge-stp off
	bridge-fd 0
#LAN_Network

Variables:

#!/bin/sh
 
################### 
# Define variables
###################
 
## Public bridge holds physical interface (public IP, output gateway)
Public_Bridge="vmbr0"
 
## WAN bridge ( holds WAN_Network )
WAN_Bridge="vmbr1"
 
## LAN bridge ( holds Lan Network )
LAN_Bridge="vmbr2"
 
## Network between hypervisor and firewall
WAN_Network="192.168.100.0/24"
 
## Network between firewall and VMs
LAN_Network="10.160.10.0/24"
 
## IPV4 public IP of the physical interface 
Public_IP="REDACTED"
 
## Hypervisor IP inside the WAN network
Hypervisor_Wan_IP="192.168.100.1"
 
## Hypervisor IP inside the LAN network
Hypervisor_LAN_IP="10.160.10.176"
 
## Firewall IP inside the WAN network
Firewall_WAN_IP="192.168.100.2"
 
## SSH Port
SSH_Port="REDACTED"

IP Tables:

target     prot opt source               destination         
UDP        udp  --  anywhere             anywhere             ctstate NEW
TCP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request ctstate NEW

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             192.168.100.2       
ACCEPT     udp  --  anywhere             192.168.100.2       
ACCEPT     all  --  192.168.100.0/24     anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     tcp  --  cloud1-vmh1.offsite.wg  anywhere             tcp dpt:http
ACCEPT     tcp  --  cloud1-vmh1.offsite.wg  anywhere             tcp dpt:https
ACCEPT     udp  --  cloud1-vmh1.offsite.wg  anywhere             udp dpt:domain
ACCEPT     tcp  --  cloud1-vmh1.offsite.wg  anywhere             tcp spt:REDACTED
ACCEPT     tcp  --  cloud1-vmh1.offsite.wg  anywhere             tcp spt:8006
ACCEPT     tcp  --  192.168.100.1        anywhere            

Chain TCP (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             cloud1-vmh1.offsite.wg  tcp dpt:REDACTED
ACCEPT     tcp  --  anywhere             cloud1-vmh1.offsite.wg  tcp dpt:8006

Chain UDP (1 references)
target     prot opt source               destination

Any help or pointers would be greatly appreciated! 
