Hi

This is from PVE documents

The Proxmox VE firewall groups the network into the following logical zones:

Host
    Traffic from/to a cluster node

VM
    Traffic from/to a specific VM

For each zone, you can define firewall rules for incoming and/or outgoing traffic.

On 2 Mar 2017 18:15, "Pavel Kolchanov" <pavel.kolcha...@gmail.com> wrote:

> Hello.
>
> I have enabled the GRE and PPtP macros in the firewall:
>
> cat /etc/pve/firewall/cluster.fw
> [OPTIONS]
>
> policy_in: REJECT
> enable: 1
>
> [RULES]
>
> GROUP vpn
> GROUP basic-node
>
> [group basic-node]
>
> IN Ping(ACCEPT)
> IN ACCEPT -p tcp -dport 8006 # Proxmox Web Interface
> IN ACCEPT -p tcp -dport 22444 # SSH
>
> [group vpn]
>
> OUT GRE(ACCEPT)
> IN GRE(ACCEPT)
> IN PPtP(ACCEPT)
>
> But I still cannot connect to pptpd until I execute the following commands:
>
> iptables -I INPUT -p gre -j ACCEPT
> iptables -I OUTPUT -p gre -j ACCEPT
>
> Without these commands syslog says:
> Mar 2 23:44:56 proxmox pppd[7824]: pppd 2.4.6 started by root, uid 0
> Mar 2 23:44:56 proxmox pppd[7824]: using channel 16
> Mar 2 23:44:56 proxmox pppd[7824]: Using interface ppp0
> Mar 2 23:44:56 proxmox pppd[7824]: Connect: ppp0 <--> /dev/pts/1
> Mar 2 23:44:56 proxmox pppd[7824]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x5aac399d> <pcomp> <accomp>]
> Mar 2 23:44:56 proxmox pptpd[7810]: GRE: xmit failed from decaps_hdlc: Operation not permitted
> Mar 2 23:44:56 proxmox pptpd[7810]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
> Mar 2 23:44:56 proxmox pptpd[7810]: CTRL: Reaping child PPP[7824]
> Mar 2 23:44:56 proxmox pppd[7824]: Modem hangup
> Mar 2 23:44:56 proxmox pppd[7824]: Connection terminated.
>
> Can PPTP be properly configured via pve-firewall?
> Or do those rules make sense only for VMs, not nodes/cluster?
>
> --
> Pavel Kolchanov <pavel.kolcha...@gmail.com>
> _______________________________________________
> pve-user mailing list
> pve-user@pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
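
Added example, not part of the thread and not Proxmox code: a check of an iptables-save dump for whether any rule that ACCEPTs GRE is reachable by jumps from the built-in INPUT or OUTPUT chain, which is what the manual iptables -I commands in the quoted message change. The chain names FW-HOST-IN, FW-HOST-OUT, GROUP-vpn-IN and GROUP-vpn-OUT and the sample dump are constructed for illustration and do not show what pve-firewall generates.

```shell
#!/bin/sh
# Reads `iptables-save` text on stdin and prints every chain, reachable by
# jumps from the built-in chain $1, that ACCEPTs GRE (IP protocol 47).
# Exit status 0 if at least one was found, 1 otherwise.
# Reachability is necessary, not sufficient: match conditions on the jumps
# and earlier DROP/REJECT rules are not evaluated.
gre_reachable() {
    awk -v start="$1" '
        $1 == "-A" {
            chain = $2; proto = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i - 1) != "!") proto = $(i + 1)
                if ($i == "-j" || $i == "-g") target = $(i + 1)
            }
            if (target == "ACCEPT") {
                if (proto == "gre" || proto == "47") accepts[chain] = 1
            } else if (target != "") {
                edges[chain] = edges[chain] " " target
            }
        }
        END {
            # Depth-first walk over jump targets from the starting chain.
            n = 1; stack[1] = start
            while (n > 0) {
                c = stack[n--]
                if (c in seen) continue
                seen[c] = 1
                if (c in accepts) { print c; found = 1 }
                m = split(edges[c], t, " ")
                for (k = 1; k <= m; k++) stack[++n] = t[k]
            }
            exit(found ? 0 : 1)
        }'
}

# Constructed dump (hypothetical chain names, not captured from a PVE node):
# a GRE rule exists for OUT, but nothing on the OUTPUT path jumps to its chain.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -j FW-HOST-IN
-A OUTPUT -j FW-HOST-OUT
-A FW-HOST-IN -j GROUP-vpn-IN
-A FW-HOST-OUT -p tcp -m tcp --dport 22444 -j ACCEPT
-A GROUP-vpn-IN -p gre -j ACCEPT
-A GROUP-vpn-OUT -p 47 -j ACCEPT
COMMIT
EOF
}
```

On a node the input would be `iptables-save -t filter | gre_reachable OUTPUT`, run once with only pve-firewall active and once after the manual rules, to see which path the GRE accept actually sits on.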