Networking Server SysAdmin Technology Virtualization

Deploying Proxmox 7 behind a firewall VM

How I run Proxmox with a single IP and MAC address.



In order to make egress traffic, you’ll want to copy the default “Allow all” rule from the PROXMOX rules to the VMS_HETZNER rules. You can do so by clicking on the Copy icon which is in between the Edit and Disable icons. When you have the option to edit your duplicated rule, change the Interface option from PROXMOX to VMS_HETZNER and the Source from PROXMOX net to VMS_HETZNER net, and then click on the Save button.

Set up a temporary Virtual Machine using the Ubuntu Desktop trial in the same manner that we used it to initially configure the firewall. As you’re creating the Virtual Machine, be sure to set the Network bridge to vmbr2 so that it’s on the first LAN dedicated to the initial Static IP of the firewall (I’ll demonstrate the second LAN in a subsequent section). From there, you can Google “What is my IP?” and you should see your server’s IP address.


A DHCP server should be running for your LAN network, but if it’s not, you can enable it by clicking on ServicesDHCP ServerVMS_HETZNEREnable DHCP server on VMS_HETZNER interface.

To discover your Virtual Machine’s IP address with CIDR, run the following command in a terminal:

ip -f inet addr show | awk '/inet / {print $2}' | tail -n1

In my case, my Virtual Machine’s DHCP-assigned IP address is

On this same Virtual Machine, you can use Python 3’s simple HTTP Server module to serve the contents of the desktop on port 8000 by opening a terminal and running the following command:

python3 -m http.server --directory ~/Desktop/ 8000

You can confirm that it’s working by opening a web browser inside of the Virtual Machine and going to http://localhost:8000 and should see a screen similar to this screenshot.

Remember earlier where we created NAT rules to access Proxmox from the Internet? The same principle applies here. Now that we have a web server running in a Virtual Machine on port 8000, we need to expose the port to the Internet. We’ll set the target IP to the one that we discovered above,

Aside from a simple demonstration and for a real-world deployment, you would assign a Static DHCP IP Address to the Virtual Machine in the firewall DHCP Server page for the interface or set the Virtual Machine’s IP address manually.

Now I can access the simple server remotely by visiting

4 replies on “Deploying Proxmox 7 behind a firewall VM”

Great post. Thank you so much – exactly what I was looking for!
But I’m missing a step-by-step guide to include Traefik 2 to your setup.
Or can’t I simply find it?

Leave a Reply

Your email address will not be published. Required fields are marked *