Categories
Networking Server SysAdmin Technology Virtualization

Deploying Proxmox 7 behind a firewall VM

How I run Proxmox with a single IP and MAC address.

Recovery

Well, it finally happened; now you need to restore a Virtual Machine, Container, or worse yet, the hypervisor host.

Snapshots

It goes without saying, but the easiest way to recover is from a snapshot which you made before you made a change that broke your Virtual Machine or Container — you did take a snapshot, right? The easiest way is to increment or rollback snapshots via the GUI under the Snapshots option for each of them, but if you need to do it by the command line, then you can.

First, obtain a list of your Virtual Machines or Containers in order to obtain their ID:

Virtual MachineContainer
qm listpct list

To make a snapshot:

Virtual Machines allow you to save the state of RAM with a snapshot (vmstate) on top of their storage and configuration, while as Containers can only snapshot their storage and configuration.

Virtual MachineContainer
qm snapshot \
100 \
Christmas \
--description "Everything works and I'm going on vacation" \
--vmstate true \
;
pct snapshot \
100 \
Christmas \
--description "Everything works and I'm going on vacation" \
;

To list the snapshots:

Virtual MachineContainer
qm listsnapshot 100pct listsnapshot 100

To restore a snapshot:

Suppose that something went awry while I was on Christmas vacation, and I wanted to pave over the changes with the last working state and boot the Virtual Machine or Container after a successful snapshot rollback (start):

Virtual MachineContainer
qm rollback \
100 \
Christmas \
--start 1 \
;
pct rollback \
100 \
Christmas \
--start 1 \
;

Console

WARNING: when these steps are completed, this will expose your Proxmox host’s GUI and SSH to the Internet.

Please ensure that you’re using a difficult password for your Proxmox root account, which you can reset after launching it via the QEMU emulator.

Remember the initial installation process above? Reboot the server into Rescue mode so that you can load Proxmox via QEMU and login with root and your password:

List the Virtual Machines and/or Containers to get their IDs and turn off auto-booting for each.

Using the ID of 100 as an example for a Virtual Machine or Container, and to disable it from booting, use:

Virtual MachineContainer
qm set 100 --onboot 0pct set 100 --onboot 0

Turn off the Proxmox firewall for the entire cluster if you enabled it:

sed -i \
    's/^enable: .*/enable: 0/' \
    /etc/pve/firewall/cluster.fw \
    ;

Replace /etc/network/interfaces with the recovery configuration:

cp -va \
    /etc/network/config-recovery \
    /etc/network/interfaces \
;

Now you can shut down Proxmox from within QEMU:

shutdown -h now

In the rescue shell, reboot the physical server, which should load into Proxmox:

reboot

4 replies on “Deploying Proxmox 7 behind a firewall VM”

Great post. Thank you so much – exactly what I was looking for!
But I’m missing a step-by-step guide to include Traefik 2 to your setup.
Or can’t I simply find it?

Leave a Reply

Your email address will not be published. Required fields are marked *