Replies: 1 comment
-
|
Hi Dave, |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I was alerted to massive influx of martian hosts from the default gateway being logged on my proxmox host shortly after playing with ProxMenux for the first time:
For any user that has a few very common configurations, this is going to spew an incessant stream of logs to journald in perpetuity. Less-aware homelabbers will likely be pulling their hair out thinking there is some misconfigured host on their network.
The most common issue is having any port-forwarded VM/LXC hosts configured with their FQDN terminating to the public IP of the router connected to their ISP. As local LAN clients must access these services via the same public FQDN if they use SSL (like via letsencrypt on your reverse proxy server) the router will happily accept the broadcast traffic from the VM/LXC and rebroadcast it from itself as if the router is the NATed VM/LXC (via hairpin NAT).
While very useful in security conscious enterprise environments, due to Proxmox being so prolific in the homelab scene, I think it might be good to warn users before blindly applying these settings to their PVE environment:
Thoughts ?
[insert "change my mind" meme here :]
-=dave
Beta Was this translation helpful? Give feedback.
All reactions