Problem Firewall Proxmox
-
Hello,
For a few days I’ve been trying to secure a virtualized Fog server using the firewall built into the Proxmox virtualizer.
I’ve allocated two ip addresses to the Fog server:
- a public one (00.00.00.00) for which I’ve left ports 22, 80 and 443 for Fog-client, which seems to work.
- a private one (192.168.10.112) which opens the ports needed for image capture and deployment. When the firewall on the internal network is deactivated, it works, but when I activate the rules, I get the error
Starting sshd: touch: cannot touch ‘/var/lock/sshd’ : No such file or directory
I’ve modified the /etc/default/nfs-kernel-server file to replace
RPCMOUNTDOPTS=--manage-gids
with
RPCMOUNTDOPTS=-p 20048
There’s a subtlety that escapes me, can you take a look at the following firewall screenshot?
Axel.
-
@FCCL-Vandoeuvre What are you doing, or trying to do, when you get the sshd lock error?
Where are you seeing the error exactly?
-
@FCCL-Vandoeuvre This sounds identical to the issue I had. Basically during the imaging process, it would stop and show Starting sshd: touch: cannot touch ‘/var/lock/sshd’ : No such file or directory along with starting deployment scripts. I knew it was firewall related because when I disabled the firewall rules, it would work.
It turned out the solution was to configure NFS mountd to use the static port of 20048. You mentioned doing something similar, but I modified a different file than the one you mentioned (nfs.conf). Below is a link to the forum post I made and the solution.
https://forums.fogproject.org/topic/17604/what-ports-does-fog-use/2?_=1724085771324
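
Added example (not part of any post in this thread): a small check that reads `rpcinfo -p` output and lists RPC services registered on ports the firewall does not allow, which is how a dynamically assigned mountd port shows up. The function name, the allowed-port list 111,2049,20048 and both sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# rpc_ports_blocked ALLOWED: read `rpcinfo -p` output on stdin and print
# "service proto port" for every registration whose port is not in the
# comma-separated ALLOWED list (the ports opened in the firewall).
rpc_ports_blocked() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^[0-9]+$/ || NF < 4 { next }      # skip header and blank lines
        !($4 in ok) {
            svc = (NF >= 5) ? $5 : "unknown"
            key = svc " " $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print key }   # one line per service/proto/port
        }
    '
}

# Constructed sample: mountd left on ports picked by rpcbind at start-up.
sample_dynamic() { cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  39012  mountd
    100005    3   tcp  45678  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
EOF
}

# Constructed sample: mountd pinned to the static port 20048.
sample_pinned() { cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
EOF
}

echo "mountd on dynamic ports, blocked registrations:"
sample_dynamic | rpc_ports_blocked "111,2049,20048"
echo "mountd pinned to 20048, blocked registrations:"
sample_pinned | rpc_ports_blocked "111,2049,20048"
```

On the server itself, pipe the live listing in with `rpcinfo -p | rpc_ports_blocked 111,2049,20048`, replacing the list with the ports actually opened in the Proxmox firewall; empty output means every registered RPC service sits on an allowed port.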