Zentyal Forum, Linux Small Business Server

Zentyal Server => Other modules => Topic started by: Trilec on December 31, 2020, 08:36:02 pm

Title: Firewall issue with DROPPED TCP to a proxmox server, seems no reason?
Post by: Trilec on December 31, 2020, 08:36:02 pm
Hi All,
I was finding the cause of this difficult to trace, thinking this was a firewall issue
(It may have been able to be solved via a network config but I lack the info for such an endeavor.)
Setup:

proxmox (PVE1@ 192.168.1.2/24) (working fine for several months)
      VM Zentyal 6.3 VM (192.168.1.1/24)
      VM CentOS etc
      ...

Client (PC@ 192.168.1.116/32 DHCP via Zentyal, won't allow /24, not sure why that is)
...
Now installing an additional Proxmox server to host further research VMs.
Installation went fine. (The new proxmox reports it's ready on https://192.168.1.29:8006)

proxmox (PVE2@ 192.168.1.29/32)
issues:

I can ping Zentyal (192.168.1.1/32) from proxmox (PVE2@ 192.168.1.29/32)
I can ping proxmox (192.168.1.29/32) from zentyal (192.168.1.1/24)

I cannot ping proxmox (192.168.1.29/32) from client (192.168.1.116/32)
I cannot ping proxmox (192.168.1.29/32) from proxmox (192.168.1.2/24) (mask issue?)

Thus the GUI to proxmox (192.168.1.29/32) from a client machine (192.168.1.116) does not come up.
Checking the log from the Zentyal firewall module reports ACCESS was dropped:

2020-12-31 20:15:57  eth1  eth1   192.168.1.29    192.168.1.116   TCP  8006    51359    DROP
also
2020-12-31 20:15:57      eth1             192.168.1.1     192.168.1.116   TCP    8006    51359    DROP

As the firewall rules are open and at defaults, the issue points to a static address possibly being required for proxmox and
reserved in Zentyal.

*FIXED:

Reinstalled proxmox with an IP address as static 192.168.1.7/24 (note the mask is not 32)

and reserved the address in Zentyal (DHCP Advanced and added the defined object)

I can now ping from the client  (192.168.1.116/32)  to (192.168.1.7/24)
and also ping from PVE1 to PVE2

Hopefully this is the correct method for this type of setup,
Help understanding why ZENTYAL DHCP won't work for this would be appreciated.
Title: Re: Firewall issue with DROPPED TCP to a proxmox server, seems no reason?
Post by: ovecka on January 04, 2021, 05:21:27 pm
I think your firewall trouble is kind of secondary to your primary problem.
You put your devices (be it the client or the Proxmox machines) on a /32 netmask. By doing that you completely isolate those devices from any networks (both LAN and WAN) unless you set a static route to your router on them. Why would you assign that to a device you want to be a part of your network? You basically disconnect them from your network and then wonder why they can't see each other. Set your netmask to /24 everywhere and you get rid of your problem altogether. :)
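
An added example, not part of either post: a Python sketch of the on-link decision described in the reply above, run over the addresses and masks quoted in the thread. It assumes Zentyal (192.168.1.1) is the default gateway and that a /32 host holds a host route to it; `first_hop`, `path` and `report` are names made up for this illustration.

```python
import ipaddress

# Addresses and masks as quoted in the thread. The gateway is an assumption:
# Zentyal at 192.168.1.1 handing itself out as the default router.
GATEWAY = ipaddress.ip_address("192.168.1.1")
HOSTS = {
    "zentyal": "192.168.1.1/24",
    "pve1": "192.168.1.2/24",
    "pve2": "192.168.1.29/32",
    "pve2-fixed": "192.168.1.7/24",
    "client": "192.168.1.116/32",
}


def first_hop(src_cidr, dst_cidr, gateway=GATEWAY):
    """Return 'direct' if the sender treats dst as on-link, else 'gateway'."""
    src = ipaddress.ip_interface(src_cidr)
    dst = ipaddress.ip_interface(dst_cidr).ip
    if dst in src.network or dst == gateway:
        return "direct"
    # Off-link by the sender's own mask: the packet is handed to the default
    # router (assumed reachable through a host route), or goes nowhere when
    # the host has no route at all.
    return "gateway" if gateway is not None else "unreachable"


def path(a, b, hosts=HOSTS):
    """Classify the round trip a -> b -> a."""
    out = first_hop(hosts[a], hosts[b])
    back = first_hop(hosts[b], hosts[a])
    if out == back == "direct":
        return "direct"
    if "unreachable" in (out, back):
        return "broken"
    if out == back:
        return "hairpin via gateway"
    return f"asymmetric ({out} out, {back} back)"


def report(hosts=HOSTS):
    pairs = [("client", "pve2"), ("pve1", "pve2"), ("zentyal", "pve2"),
             ("pve1", "pve2-fixed"), ("client", "pve2-fixed")]
    return {pair: path(*pair, hosts=hosts) for pair in pairs}


if __name__ == "__main__":
    for (a, b), verdict in report().items():
        print(f"{a:8} <-> {b:11} {verdict}")
```

Flows reported as hairpin or asymmetric are the ones that pass through Zentyal's forwarding path instead of staying on the LAN segment, which is consistent with the eth1-to-eth1 entries in the firewall log.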