Yeah, so this one is going to be a journey. Let me outline things and then get to the problem.
I have a Proxmox VE server (ver. 9) installed on my server. I have an SDN setup for a NAT network for my VMs. So far, so good. I have Tailscale installed on the PVE host to allow me to access the server remotely. I also tried to set up UFW to only allow connections through the Tailscale connection. For reference, here are the rules:
    $ ufw status verbose
    Status: active
    Logging: on (low)
    Default: deny (incoming), allow (outgoing), deny (routed)
    New profiles: skip

    To                           Action      From
    --                           ------      ----
    Anywhere on tailscale0       ALLOW IN    Anywhere
    Anywhere (v6) on tailscale0  ALLOW IN    Anywhere (v6)

Fairly simple, which is all that I need. I have a Proxmox Backup Server also running on this tailnet, so it's a nice little package.
However, what happens is that when I enable UFW, my VMs cannot get an IP from the SDN. For reference, I set up the SDN for a private NAT network using this guide: https://pve.proxmox.com/wiki/Setup_Simple_Zone_With_SNAT_and_DHCP Again, a nice and simple setup.
I did think there was a problem with the UFW setup, so I made a few changes:
- I updated /etc/default/ufw and set DEFAULT_FORWARD_POLICY="ACCEPT"
- I updated /etc/ufw/sysctl.conf and uncommented net.ipv4.ip_forward=1
- I added the following to /etc/ufw/before.rules before the filter rules:

    *nat
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -s 10.0.0.0/24 -o eno1 -j MASQUERADE
    COMMIT

Unfortunately this did not make a difference after applying the changes or rebooting the server. Essentially with UFW running, my VMs have a broken network. Any advice is appreciated.
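As an added example (not from the original post), a small POSIX shell check against the rule table above: it looks for a UFW rule that admits DHCP (udp/67) on the SDN bridge interface, which is where the host's dnsmasq receives the VMs' DHCP requests, and prints the least-privilege rules that would admit DHCP, dnsmasq DNS and routed egress for the VM subnet. It assumes the vnet bridge is named vnet0 (a placeholder; check `ip link` on the host) and keeps eno1 and 10.0.0.0/24 from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed names: the SDN vnet bridge
# "vnet0" (placeholder), uplink eno1 and subnet 10.0.0.0/24 as in the post.
VNET="${VNET:-vnet0}"
UPLINK="${UPLINK:-eno1}"
SUBNET="${SUBNET:-10.0.0.0/24}"

# Constructed copy of the rule table from the post, as `ufw status verbose` prints it.
UFW_STATUS='To                           Action      From
--                           ------      ----
Anywhere on tailscale0       ALLOW IN    Anywhere
Anywhere (v6) on tailscale0  ALLOW IN    Anywhere (v6)'

# dhcp_allowed STATUS IFACE: exit 0 if a rule admits udp/67 inbound on IFACE,
# else 1. UFW prints such a rule as "67/udp on IFACE   ALLOW IN   <from>".
dhcp_allowed() {
    printf '%s\n' "$1" | grep -E "^67/udp on $2 .*ALLOW IN" >/dev/null
}

# sdn_rules: print the minimal rules for a Proxmox simple zone with DHCP.
# The DHCP rule must not be restricted to SUBNET: a DHCPDISCOVER is sent from
# 0.0.0.0:68 to 255.255.255.255:67, so a "from 10.0.0.0/24" match would drop it.
# DNS and egress can be pinned to SUBNET because those packets carry a leased IP.
sdn_rules() {
    cat <<EOF
ufw allow in on $VNET proto udp from any port 68 to any port 67
ufw allow in on $VNET from $SUBNET to any port 53
ufw route allow in on $VNET out on $UPLINK from $SUBNET
EOF
}

# Stand-alone run: report the check result and show the rules to apply.
if dhcp_allowed "$UFW_STATUS" "$VNET"; then
    echo "DHCP (udp/67) on $VNET is already permitted"
else
    echo "No rule admits DHCP on $VNET; least-privilege rules to add:"
    sdn_rules
fi
```

Because the egress rule is an explicit `ufw route allow`, DEFAULT_FORWARD_POLICY can stay at its default of DROP rather than being opened to ACCEPT for every interface.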