Problem Firewall Proxmox

FCCL-Vandoeuvre · Aug 16, 2024, 1:16 PM

Hello,

For a few days I’ve been trying to secure a virtualized Fog server using the firewall built into the Proxmox virtualizer.

I’ve allocated two ip addresses to the Fog server:

a public one (00.00.00.00) for which I’ve left ports 22, 80 and 443 for Fog-client, which seems to work.
a private one (192.168.10.112) which opens the ports needed for image capture and deployment. When the firewall on the internal network is deactivated, it works, but when I activate the rules, I get the error Starting sshd: touch: cannot touch ‘/var/lock/sshd’ : No such file or directory.

I’ve modified the /etc/default/nfs-kernel-server file, to replace RPCMOUNTDOPTS=--manage-gids with RPCMOUNTDOPTS=-p 20048

There’s a subtlety that escapes me, can you take a look at the following firewall screenshot?

Axel.

JJ Fullmer · Nov 29, 2024, 4:06 PM

@FCCL-Vandoeuvre what are you doing or. Trying to do when you get the sshd lock error?
Where are you seeing the error exactly?

fogcloud · Aug 19, 2024, 5:09 PM

@FCCL-Vandoeuvre This sounds identical to the issue I had. Basically during the imaging process, it would stop and show Starting sshd: touch: cannot touch ‘/var/lock/sshd’ : No such file or directory along with starting deployment scripts. I knew it was firewall related because when I disabled the firewall rules, it would work.

It turned out the solution was to configure NFS mountd to use the static port of 20048. You mentioned doing something similar, but I modified a different file than the one you mentioned (nfs.conf). Below is a link to the forum post I made and the solution.

https://forums.fogproject.org/topic/17604/what-ports-does-fog-use/2?_=1724085771324