Author Topic: Firewall issue with DROPPED TCP to a proxmox server, seems no reason?  (Read 1019 times)


Hi All,
I was finding the cause of this difficult to trace, thinking it was a firewall issue.
(It may have been able to be solved via a network config but I lack the info for such an endeavor.)

proxmox (PVE1@ (working fine for several months)
      VM Zentyal 6.3 VM (
      VM CentOS etc

Client (PC@ DHCP via Zentyal, won't allow /24, not sure why that is)
Now installing an additional Proxmox server to host further research VMs.
Installation went fine. (The new proxmox reports it's ready on the

proxmox (PVE2@

I can ping Zentyal ( from proxmox (PVE2@
I can ping proxmox ( from zentyal (

I can not ping proxmox (  from client (
I can not ping proxmox (  from proxmox ( (mask issue?)

thus the GUI to proxmox ( from a client machine ( does not come up.
Checking the log from the Zentyal firewall module reports ACCESS was dropped

2020-12-31 20:15:57  eth1  eth1   TCP  8006    51359    DROP
2020-12-31 20:15:57      eth1      TCP    8006    51359    DROP

As the firewall rules are open and at defaults, the issue suggests a static address may be required for proxmox and
reserved in Zentyal.


Reinstalled proxmox with an IP address as static (note the mask is not 32)

and reserved the address in Zentyal (DHCP Advanced and added the defined object)

I can now ping from the client  (  to (
and also ping from PVE1 to PVE2

Hopefully this is the correct method for this type of setup,
Help understanding why ZENTYAL dhcp won't work for this would be appreciated.
« Last Edit: January 02, 2021, 04:57:41 pm by Trilec »


Re: Firewall issue with DROPPED TCP to a proxmox server, seems no reason?
« Reply #1 on: January 04, 2021, 05:21:27 pm »
I think your firewall trouble is kind of secondary to your primary problem.
You put your devices (be it the client or the Proxmox machines) on a /32 netmask. By doing that you completely isolate those devices from any networks (both LAN and WAN) unless you set a static route to your router on them. Why would you assign that to a device you want to be a part of your network? You basically disconnect them from your network and then wonder why they can't see each other. Set your netmask to /24 everywhere and you get rid of your problem whatsoever. :)
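
The effect of the /32 netmask described in the reply above, as an added example that is not part of either post: a small longest-prefix-match route lookup showing what a host decides to do with a packet for a LAN neighbour. All addresses (192.168.1.x) and the helper names `host_routes` and `next_hop` are constructed for illustration, since the thread's own addresses are not shown.

```python
import ipaddress

def host_routes(cidr, gateway=None, gateway_host_route=False):
    """Routes a host derives from its interface config.

    The connected route covers only what the netmask says is local.
    A gateway of None in a route means "deliver directly on the link".
    """
    iface = ipaddress.ip_interface(cidr)
    routes = [(iface.network, None)]
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        if gateway_host_route:
            # static host route to the router, as the reply mentions
            routes.append((ipaddress.ip_network(f"{gw}/32"), None))
        # a default route is usable only if the gateway itself is reachable
        if any(gw in net for net, via in routes if via is None):
            routes.append((ipaddress.ip_network("0.0.0.0/0"), str(gw)))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match: 'on-link', a gateway address, or 'unreachable'."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, via in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    if best is None:
        return "unreachable"
    return "on-link" if best[1] is None else best[1]

# Constructed sample values (assumptions, not from the thread)
ROUTER = "192.168.1.1"
NEIGHBOUR = "192.168.1.20"   # e.g. the second Proxmox host

def demo():
    return {
        "/24": next_hop(host_routes("192.168.1.50/24", ROUTER), NEIGHBOUR),
        "/32": next_hop(host_routes("192.168.1.50/32", ROUTER), NEIGHBOUR),
        "/32 + host route": next_hop(
            host_routes("192.168.1.50/32", ROUTER, gateway_host_route=True),
            NEIGHBOUR),
    }

if __name__ == "__main__":
    for config, result in demo().items():
        print(f"{config:18} -> {result}")
```

In the third case the packet for a neighbour on the same LAN is handed to the router instead of being delivered directly, so it is subject to the router's forwarding rules.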