Monit would be easier and better at managing the various services and keeping them working.
At the end of the day, a ssh tunnel is a safe and reliable way. Use fail2ban with our proxmox configs and our denyhosts to lockdown admin and ssh logins https://extremeshok.com > On 15 Sep 2014, at 10:00 AM, Guy Plunkett <g...@britewhite.net> wrote: > > well yeah that's always a problem. :).. I also use zenoss core (zenoss.org) > to monitor my systems. You can easily configure zenoss to monitor the > firewall etc, and if it's down, you can have it connect to proxmox and > restart it. > > > Cheers, > > --Guy > > > > >> On 15 Sep 2014, at 08:51, Eneko Lacunza <elacu...@binovo.es> wrote: >> >> Guy, so how do you connect if the Firewall VM is down? :) >> >>> On 15/09/14 09:43, Guy Plunkett wrote: >>> I would strongly suggest against this or indeed any way to put proxmox >>> directly on the internet. >>> >>> The way I go about this would be to create a private network inside proxmox >>> and host a real firewall system such as pfsense (pfsense.org) to front the >>> internet and then use PPTP or OpenVPN to connect into the network. Much >>> safer. >>> >>> >>> Cheers, >>> >>> --Guy >>> >>> >>> >>> >>>> On 15 Sep 2014, at 08:31, Eneko Lacunza <elacu...@binovo.es> wrote: >>>> >>>> You can also setup iptables so that only your fixed IPs are allowed to >>>> port 8006 (and ssh port...) >>>> >>>>> On 14/09/14 19:00, ad...@extremeshok.com wrote: >>>>> You don't need a VPN >>>>> >>>>> Follow the guides on my site this will give you a secure and optimized >>>>> proxmox. >>>>> >>>>> Set proxmox admin interface to only listen locally (127.0.0.1) and >>>>> connect via an ssh tunnel to port 8006. >>>>> >>>>> No offense, but this should be standard knowledge for an admin. >>>>> >>>>> >>>>> Guides on https://extremeshok.com/blog >>>>> >>>>> Sent from my iPhone >>>>> >>>>>> On 14 Sep 2014, at 6:44 PM, Bart Lageweg | Bizway <b...@bizway.nl> wrote: >>>>>> >>>>>> Hi Gerald, >>>>>> >>>>>> Use Eth0 for internal network + VPN access. >>>>>> Use Eth1 for internet access (no IP in interface, only create for bridge) >>>>>> >>>>>> Goodluck >>>>>> >>>>>> Bart >>>>>> >>>>>> >>>>>> -----Oorspronkelijk bericht----- >>>>>> Van: pve-user [mailto:pve-user-boun...@pve.proxmox.com] Namens Gerald >>>>>> Brandt >>>>>> Verzonden: zondag 14 september 2014 18:41 >>>>>> Aan: pve-user@pve.proxmox.com >>>>>> Onderwerp: [PVE-User] Internet facing Proxmox >>>>>> >>>>>> Hi, >>>>>> >>>>>> I've been asked to set up a Proxmox server on the Internet. Has anybody >>>>>> done so, and how secure is the web interface on port 8006? >>>>>> >>>>>> I was considering running a VPN on Proxmox, and not allowing port 8006 >>>>>> access unless you were connected to the VPN. That creates issues if the >>>>>> VPN server goes down. >>>>>> >>>>>> Also, with the new built in firewall, how easy is it to run all VPN's on >>>>>> a private address space and port forward as needed? >>>>>> >>>>>> Gerald >>>>>> >>>>>> _______________________________________________ >>>>>> pve-user mailing list >>>>>> pve-user@pve.proxmox.com >>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >>>>>> _______________________________________________ >>>>>> pve-user mailing list >>>>>> pve-user@pve.proxmox.com >>>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >>>>> _______________________________________________ >>>>> pve-user mailing list >>>>> pve-user@pve.proxmox.com >>>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >>>> >>>> -- >>>> Zuzendari Teknikoa / Director Técnico >>>> Binovo IT Human Project, S.L. >>>> Telf. 943575997 >>>> 943493611 >>>> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa) >>>> www.binovo.es >>>> >>>> _______________________________________________ >>>> pve-user mailing list >>>> pve-user@pve.proxmox.com >>>> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user >> >> >> -- >> Zuzendari Teknikoa / Director Técnico >> Binovo IT Human Project, S.L. >> Telf. 943575997 >> 943493611 >> Astigarraga bidea 2, planta 6 dcha., ofi. 3-2; 20180 Oiartzun (Gipuzkoa) >> www.binovo.es > > _______________________________________________ > pve-user mailing list > pve-user@pve.proxmox.com > http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user _______________________________________________ pve-user mailing list pve-user@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-user
