Correction: The IP-Filter blocks only traffic from inside to outside and
not as I have written from outside to inside!
Am 15.05.2019 um 09:07 schrieb Detlef Bracker:
Dear,
their are 2 bugs (or thats features?) in the firewall with VM with
Cloud-Init!
(
a) When in VM -> Cloud-I
Dear,
their are 2 bugs (or thats features?) in the firewall with VM with
Cloud-Init!
(
a) When in VM -> Cloud-Init -> Network-Interface: firewall set on
AND
b) VM -> Firewall -> Options -> IP-Filter: set on
)
AND
c) VM -> Firewall -> Options -> Firewall: set off / set on - is equal
wil
More Infos after many tests and my cognition is: the *proxmox backup is
absolute unsecure* and
can been the proxmox HA too - why a wrong MBR will then wrong on the
other machines too!
First find the problem - I thing it can been a bug in VMs on Proxmox 5.x
- yesterday after host reboot!
*The
Hi,
after Update on Proxmox PVE to version 5.2-2 (via GUI) and restart the Host,
the VM with PMG (Proxmox-Gateway) not start anymore, why harddisc not found!
Then I have restore a backup from yesterday in an new VM and thats the same!
The PMG was update normal - possible last week - I dont not e
7.6-pve1~bpo9 ==> 0.7.7-pve1~bpo9
libzfs2linux: 0.7.6-pve1~bpo9 ==> 0.7.7-pve1~bpo9
libzpool2linux: 0.7.6-pve1~bpo9 ==> 0.7.7-pve1~bpo9
So what is now?
Regards
Detlef
Am 11.04.2018 um 15:06 schrieb Dominik Csapak:
On 04/11/2018 03:05 PM, Detlef Bracker wrote:
Dear,
as I have read ZFS in V
Dear,
as I have read ZFS in Version 0.7.7 has a big bug - heavy data loosing
ZFS / ZoL !
So why you bring now out a new update with this packages:
zfs-initramfs: 0.7.6-pve1~bpo9 ==> 0.7.7-pve1~bpo9
zfsutils-linux: 0.7.6-pve1~bpo9 ==> 0.7.7-pve1~bpo9
libzfs2linux: 0.7.6-pve1~bpo9 ==> 0.7.7-pve
Dear,
where can I send a wish list for the Mail-Gateway?
a) add Button and a function to forward mail in spamquarantaine to other
receives, expl. abuse - mail-address of the sender
b) Date-Filters (from and to) - when not changed long time, then
automatic set for: from: to now() - 24 hours and
Dear,
a new Bug as we have update today the proxmox with firewall
General-Settings in cluster.fw normal (cut) for plesk! See here the
first line is marked with |
the disable marker will been ignored - can been why a 2nd setting for
8443 witch is activated in the rules!
See the iptables - rul
Dear,
min more as 1 year we make backups into VM-containers with ZFS without
problems, but I dont know from weeks ago,
this works not more. The incremental zfs-streams works every time fine,
but not create new zfs subpools! This is equal now
in last proxmox 4.x version and too in proxmox 5.x in
er unserem Absender!
P.S. ePrivacy in Europa - lesen Sie mehr - read more
<http://blog.1awww.com/2012/05/30/achtung-internet-seiten-betreiber-eprivacy-richtlinien-umzusetzen/>
Mit freundlichen Gruessen
1awww.com - Internet-Service-Provider
Detlef Bracker
Camino Velilla 1, E 18690 Almune
Hi,
Why proxmox create zfs container with refquota or others without set of
refquota!
Or is that possible, that old containers was set with refquota and new
created not?
Possible one update has change the settings for container creating or
with API with
refquota and via GUi with none? I dont
Dear,
why a deleting of a container deletes equal a mountpoint?
A mount point can been used eqal from 2 servers - right?
Regards
Detlef
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Dear,
why IO - traffic in the GUI for LXC - ZFS - Containers no visible? All
everytime 0!
This is in the beta version the same as in proxmox 4.x!
Regards
Detlef
___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mai
But the idea with create Containers from IRC is nice too! :-)
signature.asc
Description: OpenPGP digital signature
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Installation of diferent things hangs and long log files with this
message comes:
Debian 8 Proxmox LCX-Image - updated to systemd mode - rebooted -
updated - installation of plesk expl.
Feb 23 01:59:34 ct1004 systemd[1]: Looping too fast. Throttling
execution a little.
Feb 23 01:59:35 ct1004
Every scenerario breaks with other problems - So has somebody a resolution?
Plesk will not work on LCX container about mount problems! A backup and
restore as an unprivileged server with option ignore restore fails,
brings new other problems why then the system is no more usable -
possible parts o
**
* vRack - Container-Network-Config *
* Aufruf erfolgt von awos*
* (c) by Detlef Bracker 2015 *
**
vRack_netconfig.sh CTID IP1 NET1 GW1 IP2 NET2 GW2 IP3 NET3 GW3 IP4 NET4 GW4
IPx = IPv4 oder IPv6
NETx = Net-Devisor
GWx = GWv4
more
<http://blog.1awww.com/2012/05/30/achtung-internet-seiten-betreiber-eprivacy-richtlinien-umzusetzen/>
Mit freundlichen Gruessen
1awww.com - Internet-Service-Provider
Detlef Bracker
Camino Velilla 1, E 18690 Almunecar, Tel.: +34.6 343 232 61 * EU-VAT-ID:
ESX4516542D
This email and a
Dear,
from the proxmox stock installed the templates works absolute suboptimal !
The templates are produced for homepc`s or as linux virtual servers?
I have test 3 templates and all this 3 templates are not direct usable
without hands on!
Tomorrow I will check the others!
fedora-24-default_201612
I close this thread, why this is not the problem of the API, but a
problem of wrong templates!
I open a new thread!
Am 04.02.2017 um 01:48 schrieb Detlef Bracker:
> sorry, but the PHP-API let send the password, but the password will not
> been set in the virtual machine!
>
> Now
ve.proxmox.com/wiki/Proxmox_VE_API their
are not enough informations,
about send the passwords! In the top need a warning "Create
LXC-Container with passwords can used only on this way . "
Now I am hanging 4 days about this part and a better documentation will
reduce the problem sure t
Dear,
I thing so, thats a bug!
A ping from outside to the LXC-containers to all NICs works fine!
A ping from console via the NICs 2- is not possible! So, this can
been a big problem, when a daemon will send from the NICs 2-
ping 8.8.8.8 -I eth0 works fine
ping 8.8.8.8 -I eth1 Destinati
Hi,
horrible, when an API has absolute buggy documentation and the examples
are wrong too (old version)!
In first I send I this via PHP-API and search minimum 6 hours for a
small problem!
Array for create an LXC-Container
(
[ostemplate] => local:vztmpl/ubuntu-16.10-standard_16.10-1_amd64.ta
is not handable for batches!
Regards
Detlef
Am 30.01.2017 um 14:28 schrieb Marco M. Gabriel:
> What about "pct create -password "?
>
> Regards,
> Marco
>
> P.S.: I guess this should be in the pve-user mailing list...
>
> Detlef Bracker mailto:brac...@1a
Dear
I found not an solution to set the LXC-Password for an LCX-Containter by
create!
I cand understand, that this standard feature their was in the old
proxmox-version for container implemented, now not exists!
I like to create the container via API or Shell-Commands!
Regards
Detlef
sig
Dear,
I thing so, this is long time bug with the backup function in proxmox!
VM is stopped
Start a backup - Mode STOP - VM started (why?) and backup hangs!
Stop Backup - will been stopped unexpected
Shutdown or Stop VM - not possible!
qm unlock [vm]
Shutdown is possible!
VM is stopped
Test in ot
Dear,
I have a problem - where I dont know why:
a) First creating via scripts a container with veth and the network
connection to container is fine!
b) Destroying the container and new creating this container - same
settings - and network connection to container fails!
no ping - no ssh is pos
}
return false;
} else {
// Login success.
$this->login_ticket = $login_ticket_data['data'];
// We store a UNIX timestamp of when the ticket was
generated here,
// so we can identify when we need a new one expir
Dear,
it will been nice, when their are separate informations in the GUI when
updates need urgend a
reboot of the host, expl. after a CVE when the resolving need a kernel
change about bug
with informations, when needed, expl. only for KVM when diskdrives used
or so!
A Host normaly will not been r
It will been nice, when security updates comes for one year longer!
In the 4.x - Version is many changed and not all something is clean! And
I thing so,
we and many other providers have written programms arround, they cant
been change
in short time! Expl. container control from shell with vzctl, ip
IP of the other container and can create a new nameserver and now he
can manipulate
all nameserver-entries of the other!
How possible to create security of this? Their is nothing written in the
wiki or other
documentation!
Am 20.01.2016 um 01:54 schrieb Detlef Bracker:
> Dear,
>
> In mome
Dear,
In moment I test on proxmox 3.4 the bridging via ovh vrack 1.5!
The old way I used before
RIPE-RIRs container 100 (via venet)
RIPE-RIRS -> eth0 ---> venet ---> container 101 (via venet)
RIPE-RIES Icontainer 102 (via
em Absender!
P.S. ePrivacy in Europa - lesen Sie mehr - read more
<http://blog.1awww.com/2012/05/30/achtung-internet-seiten-betreiber-eprivacy-richtlinien-umzusetzen/>
Mit freundlichen Gruessen
1awww.com - Internet-Service-Provider
Detlef Bracker
Camino Velilla 1, E 18690 Almunecar, Te
' part.
>
> On Tue, Sep 01, 2015 at 12:13:28PM +0200, Detlef Bracker wrote:
>> Dear:
>>
>> root@localhost:~# fdisk -l /dev/vdb
>>
>> Disk /dev/vdb: 64.4 GB, 64424509440 bytes
>> 4 heads, 32 sectors/track, 983040 cylinders, total 125829120 sectors
>
Dear,
I can doe what I will, the /vdb1 in qcow2 OR now in raw-Format has 61,4 GB
They use 512 Byte Blocks:
root@localhost:~# fdisk -l
Disk /dev/vda: 21.5 GB, 21474836480 bytes
4 heads, 32 sectors/track, 327680 cylinders, total 41943040 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (
te --state NEW -j no-syn-flood
Regards
Detlef
Am 04.06.2015 um 01:54 schrieb Detlef Bracker:
> Dear,
>
> is that a good Idea to prevent SYN FLOOD on Proxmox host with uncomment
>
> #net.ipv4.tcp_syncookies=1
>
> Or is their something other to prevent in the PVE-Firewall?
>
ago changed in GUI)
PVE-Firewall work - I see iptables -L and ipset list is with standard
blocked IPs
I have read, but dont know is good for proxmox:
tcp_syn_retries now 5 - change to 3 is that better?
tcp_max_syn_backlock is 2048 - good ?!
Regards
Detlef
Am 04.06.2015 um 01:54 schrieb Detlef
Dear,
is that a good Idea to prevent SYN FLOOD on Proxmox host with uncomment
#net.ipv4.tcp_syncookies=1
Or is their something other to prevent in the PVE-Firewall?
We had in 2 days 2 SYN FLOOD to MySQL-Servers on many Containers with
diferent destination
IPs and comes only from one IP! The OVH
Dear,
I have found a problem with settings, this was 3 years ok and after
kernel-update to 2.6.32-37 we get problems with them!
Can somebody tell us more about why and why this create a crash? And why
traffic goes behind the kernel update via the
bridged interfaces with MAC?
So a big discrepance!
d you have resolve the problem, stop the
warnings via Log-Rotate:
#
# /usr/sbin/logrotate --force /etc/logrotate.conf
#
# (c) under GPL by Detlef Bracker, 1awww.com - 07.05.2015
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
tail -n 1000 /var/log/syslog | grep "error (h
ten-betreiber-eprivacy-richtlinien-umzusetzen/>
Mit freundlichen Gruessen
1awww.com - Internet-Service-Provider
Detlef Bracker
Velilla, Calle Club s/n, E 18690 Almunecar, Tel.: +34.6 343 232 61 *
EU-VAT-ID: ESX4516542D
This email and any files transmitted are confidential and intended only
Dear,
Kernel-Change can bring your Host to a not usable function - and their
are not correct informations or they are failed in doku about this
important things:
a) How you can block in Rescue-Mode the Autostart of PVE-Firewall
As a workarround we have remove the startups in /etc/rc*.*/*pve-f
Dear,
ca. at the 4th april Proxmox comes with updates the kernel Linux version
2.6.32-37-pve
And this activate automaticly without manual setting in grub, why I am
sure, that I have change
the kernel on 2 hosts without a reboot!
And in one future the hoster, so as we, must reboot the host and the
Dear,
is their a possiblity in rescue mode to set autostart of all containers
and VMs to off?
Regards
Detlef
signature.asc
Description: OpenPGP digital signature
___
pve-devel mailing list
pve-devel@pve.proxmox.com
http://pve.proxmox.com/cgi-bin/ma
Dear,
I search a problem on one of our host with proxmox
ipv6 is not dissabled, so as I can see in /etc/sysctl.conf and the
problem under /proc/sys/net - their are not the ipv6 folders!
the /etc/network/interfaces
look like good and in the boot.log I have this:
Sun Apr 26 02:46:41 2015: Settin
Oh, I means I have found from where this was comming!
I had before on one container a hacker and I have down this container
(blocking customer) and I have forgot
to set the onboot=no and yesterday I have restart the host, but this is
interessting - and 999 is only a clone from
280 for analysis and
Dear,
I will inform, can been a problem in proxmox, the host freeze from
00:00h (why exactly at 00:00h) until reboot with this problems on host:
htop - blank page and q or CTRL+C withour resolution - I must connect
via new ssh windoww
ps -ef - stops in the list and hangs + CTRL-C without resoluti
Dear,
I dont know why, but 2nd time the scheduled backup hangs without
information - why - runs now for small VM more as 10 hours:
The NFS has enough available space and is connected fine! I miss too the
Log-File in the Backup-Directory from today but the .dat file
exists!
INFO: starting new back
When I renamed the alias to letters in the alias and in the security
group ejemplo nsawww is the
same!
WORKARROUND: No usar aliases! When I change the source to the real IP,
then this is function with
diferent IPs fine!
Am 05.02.2015 um 18:48 schrieb Detlef Bracker:
> Hola,
>
> I have
Hola,
I have create 3 aliases (Firewall -> Alias)
ns11awww
ns21awww
ns31awww
with different IPs!
In a security role I have add this aliases for UDP / TCP for port 53 -
and proxmox create this in iptables:
PVEFW-SET-ACCEPT-MARK udp -- 256.256.256.256
0.0.0.0/0 [goto] udp d
Dear,
can I install the Open vSwitch in a running proxmox host or will this
change the other settings of running containers,
that I have then a big problem? About the standard settings in the host,
is the /etc/network/interfaces the only
one file, that the installation of ovs change? When I make a
more
<http://blog.1awww.com/2012/05/30/achtung-internet-seiten-betreiber-eprivacy-richtlinien-umzusetzen/>
Mit freundlichen Gruessen
1awww.com - Internet-Service-Provider
Detlef Bracker
Velilla, Calle Club s/n, E 18690 Almunecar, Tel.: +34.6 343 232 61 *
EU-VAT-ID: ESX4516542D
This email a
much traffic and
we look in proxmox!
And a better idee is then for feature, make a 3rd - 10th line in the
summary with the top
10 containers they use expl. this traffic to resolve the searching when
problems exists!
Regards
1awww.com - Internet-Service-Provider
Detlef Bracker
signature.asc
Dear,
their is a problem with installation mysql-server 5.5 on debian wheezy
in a proxmox container same as in openvz
Only this helps for the problem, but why?
This site give a workarround:
http://unix.stackexchange.com/questions/152146/problems-installing-mysql-on-debian
>>The problem you are
Dear,
I get an error by numiptent 18:18 when I start this container.
Starting container ...
Container is mounted
Container start failed (try to check kernel messages, e.g. "dmesg | tail")
Container is unmounted
dmesg | tail
Fatal resource shortage: numiptent, UB 294.
CT: 294: stopped
CT: 294: fa
Dear,
ok, thats help now to resolve the problem:
service rsyslogd stop
kill `cat /run/rsyslogd.pid`
// check that in /run no a rsyslogd.pid exists now!
service rsyslogd start
Regards
Detlef
Am 11.12.2014 02:05, schrieb Detlef Bracker:
> Dear,
>
> I have the same problem on 2 difer
/messages
log does not need rotating
not running postrotate script, since no logs were rotated
.
Am 11.12.2014 02:05, schrieb Detlef Bracker:
> Dear,
>
> I have the same problem on 2 diferent hosts! The logrotate is not
> working correct and the logs
> are not going in the l
Dear,
I have the same problem on 2 diferent hosts! The logrotate is not
working correct and the logs
are not going in the log-files normal, they go in the log-file with the
number .1 !!!
Expample not logged in auth - but logged in auth.1
or not logged in syslog - but logged in syslog.1
*This is a
Hola,
you can create in the Datacenter a security group, then you can add this
group in
containers! Later you change the name of the group-name of the security
group
in the datacenter and the gui no change this in the containers!
In this moment I think so, that the security group with the filter
Hi,
the PVE-Firewall not filter via blacklist the traffic to containers via
veth !
example:
NETIF="ifname=eth0,mac=02:00:00:**:3b:b9,host_ifname=veth106.0,host_mac=02:00:00:**:3b:b8,bridge=vmbr0;ifname=eth1,mac=02:00:00:4a:**:b2,host_ifname=veth106.1,host_mac=02:00:00:4a:**:b3,bridge=vmbr0"
Reg
ore
<http://blog.1awww.com/2012/05/30/achtung-internet-seiten-betreiber-eprivacy-richtlinien-umzusetzen/>
Mit freundlichen Gruessen
1awww.com - Internet-Service-Provider
Detlef Bracker
Velilla, Calle Club s/n, E 18690 Almunecar, Tel.: +34.6 343 232 61 *
EU-VAT-ID: ESX4516542D
This emai
Dear,
ok, with configuration the vzdump.conf and setting a temp-folder, its
working fine.
I will check this more intensive next days
Thanks
Detlef
Am 15.11.2014 01:14, schrieb Detlef Bracker:
> Dear,
>
> to backup container to nfs in suspend mode, I get many errors
>
&
Dear,
to backup container to nfs in suspend mode, I get many errors
rsync chown operation not permitted
and the backup end with errors
My question is, ist this a nfs problem or a problem of proxmox?
I have longer time before create the NFS via the GUI and proxmox has
create a mount link
u
Sorry, I was to fast happy,
behind a new start of the firewall, all the same, Containers with IPv6
firewall activated, and the firewall cant start!
Sorry, I have test to fast!
Regards
Detlef
signature.asc
Description: OpenPGP digital signature
_
Dear all,
we have download now the new updates of proxmox and have test now again the
firewall and we are happy, that the bug is now resolved!
So we will test more about the security of the firewall and so on!
Many thanks to all they are involved with this!
Detlef
signature.asc
Description:
And this is the same for containers, they use IPv4 and IPv6!
So when proxmox not handle IPv6, what is in our time absolute bad, then
this must been
min. filtered!
More as 60 % of users in germany, now have an IPv6 internet connection!
Software must been
created for IPv4 and IPv6 ! Or what is that
this must been a minimum to filter this and later
resolve the IPv6 !
Am 28.10.2014 17:57, schrieb Detlef Bracker:
> Dear,
>
> so, when one Container is set to firewalled mode and they has an IPv6,
> then the firewall cant work anymore!
>
> pve-firewall stop
> pve-firewall
Dear,
so, when one Container is set to firewalled mode and they has an IPv6,
then the firewall cant work anymore!
pve-firewall stop
pve-firewall start
ipvtables -L
is then empty!
In log-File, I get then the error-message: pve-firewall[598770]: status
update error: command '/usr/sbin/ipset restor
Dear,
can been, that the problems comes with to much containers?
I have now mv many *.fw to other folder and behind a restart the
pve-firewall works!
So, now I will step by step move the container settings of *.fw in
/etc/pve/firewall back and we will see later, whats happen!
Regards
Detlef
Dear,
I have now the same problem on one host!
When I restart the pve-firewall, in log-File I have this:
pve-firewall[636118]: status update error: command '/usr/sbin/ipset
restore' failed: exit code 1
I have make an ipset list, their is this in:
Name: PVEFW-0-blacklist
Type: hash:net
Header:
Dear,
about that pmxcfs can not handle large files, I need a little help to
create a 2nd blacklist with many
IPs for automatic blocking, so as the normal blacklist in proxmox does!
Dietmar write me in the forum, to make with ipset. I have read the man
just before but I cant understand
how to comb
71 matches
Mail list logo
