Hi all,
I've been struggling with the below for the whole day.
Didn't find any related topic here, so here I am -
I have 2 Proxmox physical machines; on each one of them, I have an OPNsense VM (both Opns run in HA).
All 4 machines live in the same "management" VLAN, let's say 10.0.10.0/24.
I have defined the following rules on the MGMT interface (VLAN 10):
- allow any IPv4 - TCP/UDP traffic from MGMT net to OPNsense VIP on port 53 (DNS)
- allow any IPv4 traffic to non RFC1918+bogon networks (allow all machines on the MGMT net to access the Internet)
- allow any IPv4 traffic from ManagementPCs (alias) to any
- block IPv4+IPv6 traffic from any to any (I guess this one is not necessary, but I like to be explicit)
However, still on the MGMT interface, when connecting from my laptop (which receives an IP that is not listed in the Management PCs alias), I have a weird behavior related to rule 4:
- I can ping/access the internet, both 8.8.8.8 and google.com - this is expected through rules 1 and 2
- I cannot ping any of my OPNsense VMs nor any of my other VMs for that matter - this is expected through rule 4 as I'm not a Management PC
- BUT I still CAN ping and actually log into the web GUI of both my Proxmox hosts. Not expected.
I'm sure one of the geniuses right here can help me sort this out.
Until then, thanks for the great support and fruitful discussions here.